![]() If possible, the original drive should be preserved in a safe place and only brought out to clone again if needed. As such, one should never conduct an examination on the original evidence unless there are exigent circumstances or no other options. We know from earlier in the chapter that digital evidence is extremely volatile. That is a key difference between the two and the primary reason why a forensic image is preferred. A true forensic image captures both the active and latent data. Performing a “copy and paste” via the operating system is not the same as a forensic clone. A forensic image of a hard drive captures everything on the hard drive, from the physical beginning to the physical end. A forensic clone is also known as a bit-stream image or forensic image. Files, folders, hard drives, and more can be cloned. Sammons, in Introduction to Information Security, 2014 Purpose of CloningĪ forensic clone is an exact bit-for-bit copy of a piece of digital evidence.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |