8 Evidence Acquisition Tools

In the previous chapter, we learned that documentation and proper DFIR procedures are key in any investigation. These ensure the integrity of the investigation by providing proof of data authenticity and preservation of the original evidence and documentation, which can be used to achieve the same exact results if the usage of tools and methods is repeated.

In this chapter, we will focus on and demonstrate forensically sound techniques for the acquisition of data by creating bitstream copies of evidence inclusive of data hashes, and also perform evidence acquisition of the drives, RAM, and paging files using various tools.

This is the first technical step in DFIR investigations, so it is very important to familiarize ...

Get Digital Forensics with Kali Linux - Third Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Digital Forensics with Kali Linux - Third Edition by Shiva V. N. Parasram

8

Evidence Acquisition Tools

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly