Booting a Computer Using the EnCase Boot Disk

Despite advances in technologies that allow acquisitions to occur in the Windows environment using FastBloc, Tableau, or other write-blocking methods, you’ll sometimes still need a DOS boot. To make matters worse, you have to use the suspect machine to host the boot. The situations requiring this method include the following:

Geometry mismatches between the host BIOS (legacy) and your exam machine BIOS (the latest and greatest)
Suspect hard drive that is “married” to the host motherboard via a security scheme
Hard drive that is part of a hardware RAID, particularly when reconstructing the RAID from individual hard drives, in which it is a RAID scheme that is not supported by EnCase

Seeing Invisible ...

Get EnCE EnCase Computer Forensics: The Official EnCase Certified Examiner Study Guide, 3rd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

EnCE EnCase Computer Forensics: The Official EnCase Certified Examiner Study Guide, 3rd Edition by Steve Bunting

Booting a Computer Using the EnCase Boot Disk

Seeing Invisible ...

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly