{"id":828,"date":"2026-04-12T22:55:29","date_gmt":"2026-04-12T20:55:29","guid":{"rendered":"https:\/\/activum24.pl\/?p=828"},"modified":"2026-04-16T22:58:57","modified_gmt":"2026-04-16T20:58:57","slug":"kopie-binarne-material-do-analizy-sledczej","status":"publish","type":"post","link":"https:\/\/activum24.pl\/index.php\/2026\/04\/12\/kopie-binarne-material-do-analizy-sledczej\/","title":{"rendered":"Kopie binarne – materia\u0142 do analizy \u015bledczej"},"content":{"rendered":"\n

Kopia binarna stanowi podstawowy materia\u0142 dowodowy w informatyce \u015bledczej, tworz\u0105c dok\u0142adn\u0105, bit-po-bicie replik\u0119 no\u015bnika bez ingerencji w orygina\u0142. Umo\u017cliwia analiz\u0119 wszystkich obszar\u00f3w dysku \u2014 w tym nieprzydzielonych, usuni\u0119tych plik\u00f3w i metadanych \u2014 przy zachowaniu pe\u0142nej integralno\u015bci poprzez hashe (MD5\/SHA1), co jest kluczowe dla dopuszczalno\u015bci w post\u0119powaniu s\u0105dowym. Dzi\u0119ki temu orygina\u0142 pozostaje nienaruszony (model „post mortem”), a analiza odbywa si\u0119 na bezpiecznym obrazie, minimalizuj\u0105c ryzyko utraty warto\u015bci dowodowej.<\/p>\n\n\n\n

FTK Imager to wszechstronne narz\u0119dzie wspieraj\u0105ce proces tworzenia kopii binarnych i wst\u0119pnej analizy danych cyfrowych. Umo\u017cliwia zachowanie integralno\u015bci dowod\u00f3w i bezpieczny dost\u0119p do ich zawarto\u015bci.<\/p>\n\n\n\n

Poni\u017cej raport z zadania laboratoryjnego dotycz\u0105cego kopii binarnych.<\/p>\n\n\n\n

    \n
  1. Zainstalowano TFK Imager<\/li>\n<\/ol>\n\n\n\n
    \"\"<\/figure>\n\n\n\n

    2. Badany no\u015bnik
    <\/p>\n\n\n\n

    \"\"<\/figure>\n\n\n\n

    3. \u201ePracowano na blokerze sprz\u0119towym Cellebrite A-CRD-01-005 S\/N 1008042\u201d<\/p>\n\n\n\n

    \"\"<\/figure>\n\n\n\n

    4. Wykonano kopie binarne pendrive<\/p>\n\n\n\n

      \n
    • W formacie DD<\/li>\n<\/ul>\n\n\n\n
      Created By Exterro\u00ae FTK\u00ae Imager 4.7.3.81 \n\nCase Information: \nAcquired using: ADI4.7.3.81\nCase Number: RS1.2026s\nEvidence Number: Ticket - Incydent 2.2026\nUnique description: kopia binarna pendrive Kingston DataTraveler 2.0 o poj. 2GB o SN:5B7304838F25\nExaminer: Rafa\u0142 Sitek - Activum24.pl\nNotes: kopia typu DD \"wykonana z wykorzystaniem blokera sprz\u0119towego Cellebrite A-CRD-01-005 S\/N 1008042\"\n\n--------------------------------------------------------------\n\nInformation for C:\\Users\\Biuro\\LAB\\1.2026_pendrive_Kingston_DataTraveler_2GB_SN_5B7304838F25:\n\nPhysical Evidentiary Item (Source) Information:\n[Device Info]\n Source Type: Physical\n[Drive Geometry]\n Cylinders: 250\n Tracks per Cylinder: 255\n Sectors per Track: 63\n Bytes per Sector: 512\n Sector Count: 4 030 464\n[Physical Drive Information]\n Drive Model: Kingston DataTraveler 2.0 USB Device\n Drive Serial Number: 5B7304838F25\n Drive Interface Type: USB\n Removable drive: True\n Source data size: 1968 MB\n Sector count:    4030464\n[Computed Hashes]\n MD5 checksum:    cad5b3e440a22ccdd0be3f2e627999a3\n SHA1 checksum:   0dd4b6391f42392fe13d31e096e3268a0cdc3472\n\nImage Information:\n Acquisition started:   Sun Apr 12 09:15:07 2026\n Acquisition finished:  Sun Apr 12 09:18:07 2026\n Segment list:\n  C:\\Users\\Biuro\\LAB\\1.2026_pendrive_Kingston_DataTraveler_2GB_SN_5B7304838F25.001\n COMPUTED HASH :  cad5b3e440a22ccdd0be3f2e627999a3\n COMPUTED HASH :  0dd4b6391f42392fe13d31e096e3268a0cdc3472\n\nImage Verification Results:\n Verification started:  Sun Apr 12 09:18:07 2026\n Verification finished: Sun Apr 12 09:18:12 2026\n MD5 checksum:    cad5b3e440a22ccdd0be3f2e627999a3 : verified\n SHA1 checksum:   0dd4b6391f42392fe13d31e096e3268a0cdc3472 : verified<\/code><\/pre>\n\n\n\n
        \n
      • W formacie E01<\/li>\n<\/ul>\n\n\n\n
        Created By Exterro\u00ae FTK\u00ae Imager 4.7.3.81 \n\nCase Information: \nAcquired using: ADI4.7.3.81\nCase Number: RS1.2026s\nEvidence Number: Ticket - Incydent 2.2026\nUnique description: kopia binarna pendrive Kingston DataTraveler 2.0 o poj. 2GB o SN:5B7304838F25\nExaminer: Rafa\u0142 Sitek - Activum24.pl\nNotes: kopia typu E01 \"wykonana z wykorzystaniem blokera sprz\u0119towego Cellebrite A-CRD-01-005 S\/N 1008042\"\n\n--------------------------------------------------------------\n\nInformation for C:\\Users\\Biuro\\LAB\\1.2026_pendrive_Kingston_DataTraveler_2GB_SN_5B7304838F25:\n\nPhysical Evidentiary Item (Source) Information:\n[Device Info]\n Source Type: Physical\n[Drive Geometry]\n Cylinders: 250\n Tracks per Cylinder: 255\n Sectors per Track: 63\n Bytes per Sector: 512\n Sector Count: 4 030 464\n[Physical Drive Information]\n Drive Model: Kingston DataTraveler 2.0 USB Device\n Drive Serial Number: 5B7304838F25\n Drive Interface Type: USB\n Removable drive: True\n Source data size: 1968 MB\n Sector count:    4030464\n[Computed Hashes]\n MD5 checksum:    cad5b3e440a22ccdd0be3f2e627999a3\n SHA1 checksum:   0dd4b6391f42392fe13d31e096e3268a0cdc3472\n\nImage Information:\n Acquisition started:   Sun Apr 12 09:20:03 2026\n Acquisition finished:  Sun Apr 12 09:23:03 2026\n Segment list:\n  C:\\Users\\Biuro\\LAB\\1.2026_pendrive_Kingston_DataTraveler_2GB_SN_5B7304838F25.E01\n COMPUTED HASH :  cad5b3e440a22ccdd0be3f2e627999a3\n COMPUTED HASH :  0dd4b6391f42392fe13d31e096e3268a0cdc3472\n\nImage Verification Results:\n Verification started:  Sun Apr 12 09:23:03 2026\n Verification finished: Sun Apr 12 09:23:08 2026\n MD5 checksum:    cad5b3e440a22ccdd0be3f2e627999a3 : verified\n SHA1 checksum:   0dd4b6391f42392fe13d31e096e3268a0cdc3472 : verified<\/code><\/pre>\n\n\n\n
        5. Wykonane kopie posiadaj\u0105 te same sumy kontrolne. Zgodnie z oczekiwaniami kopia skompersowana E01 ma mniejszy rozmiar. Powy\u017cej przedstawiono raporty z przeprowadzonych kopii.<\/p>\n\n\n\n
        6. Z kopii binarnej E01 odzyskano plik DigitalPDFSigner.java<\/p>\n\n\n\n
        \"\"<\/figure>\n\n\n\n
        7. Dodatkowo kopi\u0119 binarn\u0105 E01 zamontowano w systemie operacyjnym i dokonano pr\u00f3b\u0119 odzyskania plik\u00f3w skasowanych narz\u0119dziem Recuva.<\/p>\n\n\n\n
        Ze wzgl\u0119du na to, \u017ce no\u015bnik by\u0142 wcze\u015bniej formatowany \u2013 narz\u0119dzie nie znalaz\u0142o plik\u00f3w, kt\u00f3re mog\u0142yby by\u0107 odzyskane.<\/p>\n\n\n\n
        Wykonano te zadanie z przyk\u0142adowego obrazu przygotowanego na \u0107wiczenie i odzyskano plik _h.jpg<\/p>\n\n\n\n
        \"\"<\/figure>\n\n\n\n
        \"\"<\/figure>\n","protected":false},"excerpt":{"rendered":"
        Kopia binarna stanowi podstawowy materia\u0142 dowodowy w informatyce \u015bledczej, tworz\u0105c dok\u0142adn\u0105, bit-po-bicie replik\u0119 no\u015bnika bez ingerencji w orygina\u0142. Umo\u017cliwia analiz\u0119 wszystkich obszar\u00f3w dysku \u2014 w tym nieprzydzielonych, usuni\u0119tych plik\u00f3w i metadanych \u2014 przy zachowaniu pe\u0142nej integralno\u015bci poprzez hashe (MD5\/SHA1), co jest kluczowe dla dopuszczalno\u015bci w post\u0119powaniu s\u0105dowym. Dzi\u0119ki temu orygina\u0142 pozostaje nienaruszony (model „post mortem”),… <\/p>\n","protected":false},"author":1,"featured_media":830,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"neve_meta_sidebar":"","neve_meta_container":"","neve_meta_enable_content_width":"","neve_meta_content_width":0,"neve_meta_title_alignment":"","neve_meta_author_avatar":"","neve_post_elements_order":"","neve_meta_disable_header":"","neve_meta_disable_footer":"","neve_meta_disable_title":"","footnotes":""},"categories":[1],"tags":[],"class_list":["post-828","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hardware"],"_links":{"self":[{"href":"https:\/\/activum24.pl\/index.php\/wp-json\/wp\/v2\/posts\/828","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/activum24.pl\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/activum24.pl\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/activum24.pl\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/activum24.pl\/index.php\/wp-json\/wp\/v2\/comments?post=828"}],"version-history":[{"count":2,"href":"https:\/\/activum24.pl\/index.php\/wp-json\/wp\/v2\/posts\/828\/revisions"}],"predecessor-version":[{"id":837,"href":"https:\/\/activum24.pl\/index.php\/wp-json\/wp\/v2\/posts\/828\/revisions\/837"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/activum24.pl\/index.php\/wp-json\/wp\/v2\/media\/830"}],"wp:attachment":[{"href":"https:\/\/activum24.pl\/index.php\/wp-json\/wp\/v2\/media?parent=828"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/activum24.pl\/index.php\/wp-json\/wp\/v2\/categories?post=828"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/activum24.pl\/index.php\/wp-json\/wp\/v2\/tags?post=828"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}