10 EVIDENCE ACQUISITION BASICS

Disks, file systems and stored data are the building blocks for the majority of digital forensics investigations. In this chapter we’re going to look closely at how these mainstay sources of potential evidence are acquired, processed and analysed. A deep understanding of both file systems and disk geometry is crucial for a forensic investigator analysing the evidence presented to them. We’ll look at both, and talk through performing basic digital forensics acquisitions.

If you’re primarily in an incident response role, you should also become familiar with the contents of this chapter. You’re likely to find yourself best placed to handle evidence acquisition as a first responder, even if you ...
