Advanced Searches
Even if the search does not require covert access, there might be cases in which the basic techniques described in the preceding chapter might not be feasible. For example, the machine in question might have had a hardware failure, or it might have some nonstandard storage configuration that prevents a direct disk-to-disk copy.
Hardware Recovery
Occasionally, an investigator might be asked to recover data from damaged media. The media might be physically damaged (either intentionally or unintentionally) or might have suffered some logical damage such as the deletion of files or a reformat. Most of the forensics tools discussed in the preceding chapter offer the capability to recover deleted files and data from file slack. ...
Get Incident Response: A Strategic Guide to Handling System and Network Security Breaches now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
