Solved

Lexmark 646e Printer Hard Drive

Posted on 2013-01-09
2
649 Views
Last Modified: 2013-01-14
All~

Need to begin foreinsics on a a printer hard drive (Lexmark 646e) - does anyone know, before I pull the drive, what the file system on the hard drive will be (FAT32, HPFS, NTFS?) and will it be readable on widows from a disk enclosure?

Thanks in adavance.
0
Comment
Question by:JakeBanzai
2 Comments
 
LVL 88

Expert Comment

by:rindi
ID: 38763057
It will most likely use a Linux or BSD file-system, and not anything m$ or Apple based, as devices like that usually use a Linux or BSD type OS.

I suggest using the PartedMagic LiveCD to boot your PC with and the printer's disk attached. Then open the Partition Editor on that CD's desktop. It should tell you what filesystems it uses. If the disk is OK you should then be able to mount the partitions on that disk and read the data, or with testdisk/photorec (both utilities on that CD) you can scan it and recover data:

http://partedmagic.com
0
 
LVL 62

Accepted Solution

by:
btan earned 500 total points
ID: 38766883
This is an MFP and support HDD encryption and wiping. If either are on or done, forensic will not be revealing much and of low value since they are performing more than formatting. Currently hard disk encryption and hard disk wiping are not default settings for Lexmark devices.

http://www1.lexmark.com/en_US/solutions/business-solutions/security/hard-disk-capability.shtml

No specific file system I can guess unless we do a fingerprinting on it. But I saw in lexmark paper though not targeting this MFP on the paper

"Note that this does not render the hard disk drive useless. When an encrypted hard disk is moved from one MFP to another, it must be reformatted when it is placed into the new MFP. The hard disk is portable, but the data on it is not"

"Briefly, however, there is no means by which to have the MFP reprint or retrieve residual data as the MFP does not support a network file system or file sharing. Further, there is no protocol supported by the MFP that allows someone to arbitrarily read or write data to or from the hard disk. Even without encryption of the disk’s data, the contents are well protected."

However, although this is not Lexmark, may worth a quick read on this as well - they are using encase - Forensic analysis of digital copiers (Xerox DC432ST and Canon iR 2200)
http://www.willassen.no/svein/pub/copier-en.pdf
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this era, as you know, cybercrime and other sorts of frauds using the internet has increased day by day. We should protect our information assets and confidential information from getting exploiting by the attacker or intruders. Most of the fraud…
When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
This tutorial gives a high-level tour of the interface of Marketo (a marketing automation tool to help businesses track and engage prospective customers and drive them to purchase). You will see the main areas including Marketing Activities, Design …
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question