Monday, February 16, 2009

Hard Drives with Zero Insertion Force (ZIF) Connectors

If you are a first responder, then you may want to get yourself a couple of ZIF to IDE adapters, in case you don't have them yet. These new tiny laptops have become very popular, and lots of them use hard drives or solid state drives with ZIF connectors. In situations when there is limited time available to pull out the drive or a suitable adapter is not available, I often use the Helix3 Live CD.

This option works well when the computer I preview has a CD/DVD drive. The problem is that not all of these new portable laptops have one. The Fujitsu Siemens AMILO MINI is a perfect example of a portable laptop that uses a ZIF HDD and has no built-in CD/DVD drive.

Then the options are:

1. Have a USB flash drive with bootable Helix3 or any other forensic Live CD. It is relatively easy to create such a device with UNetbootin or by hand (just google for "Helix Linux on a USB thumb drive").

2. Have a portable external USB CD/DVD Drive with you all the time and use it to boot the suspect’s machine from the Live CD of your choice.

3. Get yourself a ZIF to IDE adapter or buy the 'Hard Drive ZIF Adapter' from the Digital Intelligence guys. It also comes with different cables for Toshiba and Hitachi drives.

Sunday, February 8, 2009

NTFS-3G driver in Ubuntu 8.04.2 LTS

The NTFS-3G driver used by Ubuntu may cause an input/output error while transferring large (4.3Gb +) files. NTFS-3G version 1.2216 is the default NTFS driver in Ubuntu 8.04.2 and later. The latest STABLE Version is 2009.1.1 (January 22, 2009). Synaptic Package Manager or apt-get remove can be used to uninstall the default version.

There are no deb packages for the latest version yet, so ./configure -> make -> make install must be used to install the latest driver. Instructions and download link are here. No problems were detected after installing the latest NTFS-3G driver.

An interesting fact is that some drives may work just fine with the default driver, while others will fail and end up with a corrupt NTFS partition. Maxtor OneTouch II (300GB) worked just fine and Maxtor OneTouch III (500GB) got corrupted when I tried to write a few large files to it. Windows chkdsk with the /f switch should fix the problem and make the drive accessible again.

The latest Helix3 Live CD is based on Ubuntu and also uses NTFS-3G version 1.2216. When it is used to acquire an image or large files, it is probably a good idea to have some spare external storage for saving the data.
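
Since the failure described above shows up either as an input/output error during the write or as a corrupt destination, one way to catch it is to hash the file before copying and again after reading it back. This is an added example, not part of the original post; the function names are hypothetical and it assumes GNU coreutils (cp, sha256sum, stat, sync) as found on an Ubuntu-based live CD.

```shell
#!/bin/sh
# Added example (not from the original post): copy a file to a destination
# volume and confirm the copy by size and SHA-256.
# Usage: verified_copy /path/to/image.dd /media/external/image.dd

# Print the SHA-256 of a file; fail if the file cannot be read completely.
file_sha256() {
    local out
    out=$(sha256sum -- "$1") || return 1
    printf '%s\n' "${out%% *}"
}

# verified_copy SRC DST
# Returns 0 if DST matches SRC, 1 on a copy or read error (for example an
# input/output error reported by the driver), 2 if sizes or hashes differ.
verified_copy() {
    local src="$1" dst="$2" src_hash dst_hash
    src_hash=$(file_sha256 "$src") || { echo "cannot read $src" >&2; return 1; }
    if ! cp -- "$src" "$dst"; then
        echo "copy failed (I/O error?): $dst" >&2
        return 1
    fi
    sync   # flush buffered writes so late write errors surface before the check
    if [ "$(stat -c %s -- "$src")" != "$(stat -c %s -- "$dst")" ]; then
        echo "size mismatch: $dst" >&2
        return 2
    fi
    # This read-back may be served from the page cache. For a check against
    # the media itself, unmount and remount the destination, then re-hash.
    dst_hash=$(file_sha256 "$dst") || { echo "cannot read back $dst" >&2; return 1; }
    if [ "$src_hash" != "$dst_hash" ]; then
        echo "hash mismatch: $dst" >&2
        return 2
    fi
    # Same "hash  path" layout that sha256sum prints, suitable for case notes.
    printf '%s  %s\n' "$dst_hash" "$dst"
}
```
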