O'Reilly logo

Computer Evidence: Collection and Preservation, Second Edition by Christopher L. T. Brown

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Summary

  • An experienced computer user understands that when creating a “copy” of files from a disk, a great deal of underlying data on the disk such as metadata and unallocated or unused disk space is not included in the file “copy.”

  • NIST defines two acceptable forensics imaging practices, which create a bit-for-bit copy (unaligned clone) or bit-stream duplicate (cylinder-aligned clone) of the original disk media.

  • Disk imaging is such an important component to the evidence-collection process that the National Institute of Standards and Technology (NIST) created the Computer Forensics Tool Testing Project (CFTT) in an effort to standardize technologies in use.

  • Investigators increasingly need to possess the tools to support methodologies for collecting ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required