Preview only show first 10 pages with watermark. For full document please download

Multiple Raid Levels Multiple Raid Levels Imaging Raid Arrays

Rating
Date

July 2018
Size

3.9MB
Views

7,132
Categories

computers & electronics computer components system components RAID controllers

Transcript

Multiple RAID Levels Digital Forensics Center Department of Computer Science and Statics U THINK BIG WE DO Additional RAID Configurations - Combination of two RAID levels RAID 0 RAID 0 More robust and fault tolerant set-up RAID 0, then RAID 1 (RAID 0+1) - copy Mirror of Stripes RAID 1 RAID File Reconstruction System Forensics Divide disks into two sets Turn each set into RAID 0 Then mirror the two arrays (RAID 1) R I http://www.forensics.cs.uri.edu 00:00 00:17 Multiple RAID Levels Imaging RAID Arrays Goal - RAID Rebuilding RAID 1 Additional RAID Configurations - Combination of two RAID levels More robust and fault tolerant set-up Stripe of Mirrors Divide disks into sets of two Stripe across all RAID 1 sets (RAID 0) - Paste striped data into single disk image and remove parity. - Determine as much as possible before leaving site! - Boot RAID Server into RAID Controller BIOS during POST copy copy Turn each pair into a RAID 1 set RAID 0 Reconstruct logical volume from physical RAID drives - With or without missing disks copy RAID 1, then RAID 0 (RAID 1+0) - - RAID 0 - View array configuration & record: RAID level, Disk order, Stripe size, Disk and array configuration, Controller type, etc. Manual interpretation of striped data is not difficult Partition layout concepts are same: - MBR and Partition Table Boot Sectors/Records FAT Tables, Root Directories, etc. MFT Records, INDX Entries, etc. 01:14 02:06 Imaging RAID Arrays Imaging RAID Arrays Mirrored (RAID 1) - Image same as single drive Use normal imaging tools and techniques on each drive Hardware and software RAIDs handled same Striped RAID Arrays Data is striped evenly across all drives - - No complete file system sits on each drive May need special driver for RAID Controller - - Cannot be handled the same as a single drive Target drive must be large enough for entire RAID logical volume - - Image each physical drive separately Rebuilding data can be done by duplicating hardware - Must rebuild RAID to be useful to investigation - Preferred method is to image logical volumes - Instead of physical disk drives 03:44 Imaging tool must see logical RAID - 04:12 - Disks, Controller, Firmware RAID Rebuilding RAID Rebuilding Disk Order - RAID 0 RAID Header Original order of physical disks in RAID RAID Header Static BlockDedicated of Data at the Disk beginning of Typical Strip Sizes: Parity disk. 8 each kB; 16array 32 kB;4 RAID 2kB; & RAID Label drives as they are pulled from 64 kB; 128 kB; 256 kB; per strip the array Byte to identify Diskcasing. Number Distributed Parity in Disk RAID 3, Order. RAID 5 & RAID 6 Double-check to ensure correct order when returning drives.found Header size and Diskthe # usually Strip Size - How much data is written to each drive before moving to the next Parity - by performing comparison of disks. Dedicated versus Distributed Parity/Type and Rotation Every RAID implementation does not have a header. Parity Delay - Disk Order & Strip Size Data to store: A B C D E F G H I J K L M N O P Q R S T RAID Header Size (optional) RAID 0 RAID 1 - No rebuilding necessary - unless RAID 0+1 or RAID 1+0 RAID 5 - Disk Order & Strip Size RAID Header Size (optional) Parity Rotation Parity Delay A E I M Q 08:51 RAID Rebuilding RAID Rebuilding RAID 0 Disk Order & Strip Size RAID Header Size (optional) RAID 1 RAID 1 - No rebuilding necessary - unless RAID 0+1 or RAID 1+0 RAID 5 - Disk Order & Strip Size RAID Header Size (optional) Parity Rotation Parity Delay RAID 0 Data to store: A B C D E F G H I J K L M N O P Q R S T A B C D E - Disk Order & Strip Size RAID Header Size (optional) RAID 1 - A B C D E No rebuilding necessary - unless RAID 0+1 or RAID 1+0 RAID 5 - Disk 1 Disk 2 Disk Order & Strip Size RAID Header Size (optional) Parity Rotation Parity Delay Data to store: RAID 5 A E I P3 M RAID Rebuilding RAID Header Size (optional) RAID 1 - No rebuilding necessary - unless RAID 0+1 or RAID 1+0 RAID 5 - Disk Order & Strip Size RAID Header Size (optional) Parity Rotation Parity Delay 11:49 RAID 0 Data to store: A B C D E F G H I J K L M N O P Q R S T RAID 5 (minimum 3 disks) P0 D G J P4 A P1 H K M No Parity Delay Forward Dynamic B E P2 L N B F P2 J N C F I P3 O Disk 1 Disk 2 Disk 3 Disk 4 - Disk Order & Strip Size RAID Header Size (optional) RAID 1 - No rebuilding necessary - unless RAID 0+1 or RAID 1+0 RAID 5 - Disk Order & Strip Size RAID Header Size (optional) Parity Rotation Parity Delay 12:10 C P1 G K O P0 D H L P4 Disk 1 Disk 2 Disk 3 Disk 4 RAID Rebuilding Disk Order & Strip Size No Parity Delay Backward Dynamic (minimum 3 disks) 10:27 RAID 0 D H L P T A B C D E F G H I J K L M N O P Q R S T 10:11 - C G K O S Disk 1 Disk 2 Disk 3 Disk 4 05:22 - B F J N R Data to store: A B C D E F G H I J K L M N O P Q R S T RAID 5 (minimum 3 disks) A D G J M B E H K N Parity Delay Backward Dynamic C F I P3 P4 P0 P1 P2 L O Disk 1 Disk 2 Disk 3 Disk 4 13:25

Multiple Raid Levels Multiple Raid Levels Imaging Raid Arrays

Rating

Date

Size

Views

Categories

Share

Transcript

Forgot your password?.