Difference between pages "Disk image" and "File:Joachim Metz.jpeg"
From Forensics Wiki
(Difference between pages)
|
|
| Line 1: |
Line 1: |
| − | A disk image is a full disk copy of the data making up the partition table, file allocation tables and data partitions without regard for operating system.
| |
| | | | |
| − | A disk image should be made prior to performing any forensic analysis of the disk. Creating a disk image is important in forensics for several reasons:
| |
| − |
| |
| − | 1. Ensure that disk information is not inadvertantly changed during analysis.
| |
| − | 2. By performing an original disk image and storing the original disk, it is possible to reproduce forensic test results with an exact reproduction of analysis methods on the original evidence.
| |
| − | 3. Disk imaging will capture information invisible to the operating system in use *E.g. hidden partitions, ext3 partitions on a Windows machine, etc.
| |
| − |
| |
| − | Software
| |
| − | Popular software used to create disk images includes Norton Ghost
| |
Latest revision as of 22:43, 18 March 2013
