Evidor: The Evidence Collector

1. Evidor: The Evidence Collector Software using for: Software for lawyers, law firms, corporate law and IT security departments, licensed investigators, and law enforcement agencies. Evidor Features: 1) search text on hard disks and retrieves the context of keyword occurrences on computer. 2)dividespaceand so-called slack space. it will even find data from files that have been deleted, if physically still existing. Note: The evidor cannot access remote networked hard disks.

2. Evidor Services: 1)convenient way for any investigator to find and collect digital evidence on computer. 2)Evidor most handy in civil: It means if one party wants to test the computers of the other party. 3)Evidor also can be use on site for electronic discovery. 4)Evidor produces reliable, replicable, neutral and simple results. IT Security: The main goal of security to protect computers from external environments. The environments means: _Unauthorized access. _Intentional (malicious) modification or destruction. _Accidental introduction of inconsistency. _Threats.

3. The following are forms of malicious access: _Unauthorized reading of data or theft of information. _Unauthorized modification of data. _Unauthorized destruction of data. _Preventing legitimate use of the system. Types of threats: 1)Interruption: _An asset of the system is destroyed of becomes unavailable unusable. _Destruction of hardware. _Cutting of communication line. _Disabling the file management system. 2)Modification: _An unauthorized party not only gains access but alters with an asset. _Changing values in a data file.

4. Continue about modification: _Altering program so that it performs differently. _Modifying the content of messages being transmitted in a network. 3)Interception: _An unauthorized party gains access to an asset. _Wiretapping to capture data in a network. _Copying of files or programs. 4)Fabrication: _ An unauthorized party insert countefeit (not real) objects into the system. _Insertion of spurious (false) messages in a network. _Addition of records to a file. Note: The assets mean hardware,software,data and communication lines and networks.

5. Securing systems: Method of improving system security is to scan the system periodically for security holes done when the computer relatively unused. We will show famous software about securing systems, it is firewall. Firewall: _A firewall is a computer or router that sits between the trusted and the untrusted. _A mechanism that allows only certain traffic between trusted and untrusted systems. _Often applied to a way to keep unwanted internet traffic a way from a system. _A firewall can separate a network into multiple domains. _Example: Acommon implementation has: _The internet as the untrusted domain. _A semitrusted and semisecure network called demilitarized zone as another domain. _Company computers as the third domain

7. Continue example: _Connections are allowed from internet to DMZ computers . _Connections are allowed from company computers to internet _Connections are not allowed from internet or DMZ computers to company computers. _Optionally, controlled communications may allowed between DMZ and one or more company computers. Example: A web server on DMZ may need to query a database server on company network. Note: Evidor also has good tool for proving presence or absence of confidential data on computer.

8. Davory: _It means how we can recover and backup our data. _We will talk at details about two parts. Recovery: _Files and data are kept in main memory and on disk. _Therefore care must be taken to ensure that system failure does not result in lost of data in data in consistency. Consistency Checking: _Part of directory information (such as files names in the directory) is kept in main memory or cache to speed up access. _Directory information in main memory is more up to date than one on disk. _If a computer crashes, the table of opened with the changes in the directories of opened files will be lost. _This will leaves the file system in an inconsistent state: _The actual state of some files in not as described in the directory structure. _So a special program (consistency checker) is run at reboot time to check for and correct disk inconsistencies.

9. Continue about davory: Backup and restore: _Because disks sometimes fail, care must be taken to ensure that the data are not lost forever. _So system programs can be used to backup data from disk to another storage device such as floppy disk, tapes or optical disk. _Recovery from the loss of an individual file or an entire disk may be then a matter of restoring the data from backup. _To minimize the copying needed we can use information each file directory entry. Example: If the backup program knows when the last backup of a file was done and the file last write date in the directory indicates that the has not changed since that data then the file does not need to be copied again.

10. Continue about backup: Example of backup schedule: _Day 1: Copy all files from disk to backup medium. _Day 2: Copy all files changed since day 1 to another medium. _Day 3: Copy all files changed since day 2 to another medium. _And so on till Day N (the larger N is the more tapes or disks needed). Note: Do not reuse backup medium so many times because they could wear out.