O'Reilly logo

Incident Response & Computer Forensics, Third Edition, 3rd Edition by Kevin Mandia, Matthew Pepe, Jason Luttgens

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

image
CHAPTER  8
Forensic Duplication
image
During an incident, a significant amount of data is gathered, preserved, cataloged, and analyzed. One of the most comprehensive sources of information is a forensic image of an affected or suspect computer system. Although malicious activity may not be captured by event logging or fly-by network sensors, or simply may be too “common” in other data sources to analyze, oftentimes evidence of its presence lies in plain sight on the hard drives in your organization. In this chapter, we cover processes, formats, and tools ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required