In this article, by Oleg Skulkin and Scar de Courcier, authors of Windows Forensics Cookbook, we will cover drive acquisition in E01 format with FTK Imager, drive acquisition in RAW format with DC3DD, and mounting forensic images with Arsenal Image Mounter.

Before you can begin analysing evidence from a source, it first needs to be imaged. Imaging is a forensic process in which an exact copy of a drive is taken. This is an important step, especially if evidence needs to be taken to court, because forensic investigators must be able to demonstrate that they have not altered the evidence in any way.