O'Reilly logo

EnCE EnCase Computer Forensics: The Official EnCase Certified Examiner Study Guide, 3rd Edition by Steve Bunting

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Creating EnCase Forensic Boot Disks

note.eps
Initially, I’ll focus on creating EnCase DOS boot disks using EnCase 5 (or older). I’ll switch to EnCase 7 when the new features of that version merge into the process.

The purpose of the forensic boot disk is to boot the computer and load an operating system in a forensically sound manner so that the evidentiary media is not changed. A normal DOS boot disk will make calls to the C: drive primarily via COMMAND.COM but also with IO.SYS. Figure 4-1 shows COMMAND.COM making a call to the C: drive. Also, it will attempt to load DRVSPACE.BIN (disk compression software) if present. An EnCase forensic boot ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required