ForensicsWiki will continue to operate as it has before and will not be shutting down. Thank you for your continued support of ForensicsWiki.
Raw Image Format
The RAW Image Format is used to store a disk or volume image.
There are two variants of the RAW Image Format a split and a non-split variant.
There are various naming schemes for RAW Image Format files, some of the more common used for disk or volume images are:
- PREFIX.0 - PREFIX.#; variations: starting with either 0 or 1, consisting of multiple digits e.g. PREFIX.000
- PREFIX0 - PREFIX#; variations: starting with either 0 or 1, consisting of multiple digits e.g. PREFIX000
- PREFIXaa - PREFIXzz; variations: consisting of more letters e.g. PREFIX.aaa
- PREFIX.1of5 - PREFIX.5of5; variations: consisting of multiple segment files
- PREFIX001.asb - PREFIX###.asb
Note that there are also RAW Image Formats specific to the storage media, e.g. RAW optical disc image.
These often are accompanied by a table of contents file often in the CUE Sheet format, e.g.
The RAW Image Format is basically a bit-for-bit copy of the RAW data of either the disk or the volume, without any additions or deletions.
There is no metadata stored in RAW Image Format files. However sometimes the metadata is stored in secondary files.
The RAW Image Format was original used by dd, but is support by most of the computer forensics applications.