Scribd
Upload
59 views

SCI 4201 Practicals: Bethel Chaka N0161068D May 13, 2020

The document describes three options for copying a 2GB drive as part of a criminal investigation: 1. Creating a disk image file which makes a bit-by-bit copy of the entire hard drive and stores it as an image file in one of three common forensic formats. 2. Creating a disk-to-disk copy which duplicates the entire contents of the source drive onto a new physical drive. 3. Creating a logical disk-to-disk or disk-to-data file copy which copies only the active used space rather than the entire drive, and stores it as a single file. The document recommends using the standalone drive imaging software "Forensic Imager" to create a sector-

Uploaded by

Qomindawo
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
59 views

SCI 4201 Practicals: Bethel Chaka N0161068D May 13, 2020

The document describes three options for copying a 2GB drive as part of a criminal investigation: 1. Creating a disk image file which makes a bit-by-bit copy of the entire hard drive and stores it as an image file in one of three common forensic formats. 2. Creating a disk-to-disk copy which duplicates the entire contents of the source drive onto a new physical drive. 3. Creating a logical disk-to-disk or disk-to-data file copy which copies only the active used space rather than the entire drive, and stores it as a single file. The document recommends using the standalone drive imaging software "Forensic Imager" to create a sector-

Uploaded by

Qomindawo
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 3

SCI 4201 Practicals

Bethel Chaka N0161068D


May 13, 2020

1
1. You’re investigating a case involving a 2 GB drive that you need
to copy at the scene. Write one to two pages describing three op-
tions you have to copy the drive accurately. Be sure to include your
software and media choices.

• Solution

Acquiring the data primarily requires making a copy of the hard drive
bit by bit. Acquisition of data requires collecting data to solve the case
from the location of the crime. Evidences are stored as image file in one
of three formats in the computer forensics tool. Two are open source and
the third is proprietary. Proprietary format is different, as each vendor has
different unique features. The data collection is carried out in four ways:

• Create disk to image file

• Creating disk-to-disk copy

• Creating logical disk to disk or disk-to-data file

• Creating a sparse copy of a folder or file

Disk Imaging
The stand-alone drive imaging software ”Forensic Imager” is included in
the Recover My Files Installation tab. Forensic Imager is a program based
on Windows that acquires a sectoral copy (”image”) of a drive in one of
the following common forensic file formats:

1. DD /RAW (Linux “Drive Dump”)

2. AFF (Advanced Forensic Format)

2
3. E01 (EnCase) [Version 6.xx format]

Running Forensic Imager


Forensic Image is run from the Recover My Files drop down menu by se-
lecting the “Disk Image” option. Or by selecting the Disk Imager shortcut
from the “Windows Start then All Programs then Recover My Files v5 then
Disk Imager” shortcut.

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy