ATTENTION: The new home of the Digital Forensics Wiki is at https://forensicswiki.xyz/. Yeah, it's a silly name, but it was cheap.
This wiki will be going offline permanently in the near future. An exact date will be announced soon. Thank you for being a part of this community.
If you wish to work on the new forensicswiki, please join the Google Group forensicswiki-reborn
How To Ship Drives
I was recently asked about shipping drives for forensic analysis, and since I've seen this done successfully and seen failures, I thought I would write this advice up for general consumption.
Shipping disks is tricky, but often needs to be done. Copying entire images over networks is often impossible due to the sheer size of the image. If you must ship disks, here are some instructions:
- Never ship the original drive (unless necessary for legal reasons). Regardless of the ultimate disposition of the original drive, always start by shipping an.
- Use one of the Write Blockers mentioned on this page.
- A drive can be imaged by a number of free software tools, such as FTK_Imager.
- Image to a bare (internal) hard drive, such as these internal hard drives.
- Use enter a