Booting a Computer Using the EnCase Boot Disk
Despite advances in technologies that allow acquisitions to occur in the Windows environment using FastBloc, Tableau, or other write-blocking methods, you’ll sometimes still need a DOS boot. To make matters worse, you have to use the suspect machine to host the boot. The situations requiring this method include the following:
- Geometry mismatches between the host BIOS (legacy) and your exam machine BIOS (the latest and greatest)
- Suspect hard drive that is “married” to the host motherboard via a security scheme
- Hard drive that is part of a hardware RAID, particularly when reconstructing the RAID from individual hard drives, in which it is a RAID scheme that is not supported by EnCase
Seeing Invisible ...