Forums
Main Category
General (Technical,...
Image just a folder...
 
Notifications
Clear all

Image just a folder?

 
Page 2 / 2
General (Technical, Procedural, Software, Hardware etc.)
Last Post by 4n6art 15 years ago
17 Posts
9 Users
0 Reactions
4,452 Views
RSS
pbobby
 pbobby
(@pbobby)
Estimable Member
Joined: 16 years ago
Posts: 239
04/12/2010 1:59 am  

Curious. What was the objection to creating logical evidence files out of the data and transporting that?


   
ReplyQuote
 Techie714
(@techie714)
Eminent Member
Joined: 15 years ago
Posts: 37
Topic starter 04/12/2010 2:05 am  

Curious. What was the objection to creating logical evidence files out of the data and transporting that?

Great question, my understanding was that an AD image was only really usable in FTK. My instructions were to get a "RAW" copy of a profile & zip it, as well as an "E01 copy". I hope that answers your question. If i misunderstood I apologize I'm still new to the field.


   
ReplyQuote
 a_kuiper
(@a_kuiper)
Trusted Member
Joined: 16 years ago
Posts: 69
04/12/2010 11:26 pm  

If you have your hand on X-Ways.

Create a container, add the folder-contents to it, close the container and apply e01-compression.

Cheers!


   
ReplyQuote
 forensicakb
(@forensicakb)
Reputable Member
Joined: 16 years ago
Posts: 316
05/12/2010 1:16 am  

IMHO your instructor is wrong.

I don't know what you do for a living as sometimes you ask questions about things related to school type work and other times towards things which sound case related.

Anyway, take a case and then hand the attorney 1000 pages of notes, reports, pictures, etc. and have that case go to court and then tell me that you can never over document a case. Everything you produce can be picked apart by someone else who could very job it is to win a case for their side. More paperwork = greater chance for an error. And if you aren't worried about it being picked apart by someone else, you have the attorney who doesn't want to deal with 1000 pieces of paperwork. Lastly, I'm sure you are billing for that over documented work then there is too much billing going on. If you are doing it for free see my first point about the attorney sifting through all of it.

Yes sir good advice! as my instructor always told me you can never over document a case…lol.


   
ReplyQuote
Beetle
 Beetle
(@beetle)
Reputable Member
Joined: 17 years ago
Posts: 318
05/12/2010 4:25 am  

We used to call this burying them in paper. Most defense attorneys will freak when they see a huge pile of documentation unless their client has very deep pockets.


   
ReplyQuote
TuckerHST
 TuckerHST
(@tuckerhst)
Estimable Member
Joined: 16 years ago
Posts: 175
05/12/2010 8:39 pm  

I have only done civil litigation and in this context, I agree with forensicakb. Many of the attorneys I work with request that I keep my notes to a bare minimum; just enough to reproduce the results claimed in my expert report. Then, when my report is done, the notes are often shredded and the report becomes the authoritative document.

Similarly, the attorneys prefer to keep substantive discussions out of email. The most important thing I discuss in email is generally my invoice.

/scott


   
ReplyQuote
4n6art
 4n6art
(@4n6art)
Reputable Member
Joined: 18 years ago
Posts: 208
05/12/2010 9:11 pm  

Quick sidebar from the documentation chatter…

The RoboCopy page had a link to a new tool called RichCopy (April 2009 TechNet).
http//technet.microsoft.com/en-us/magazine/2009.04.utilityspotlight.aspx

Has some cool features for those who want another utility in their toolbelt.

Make sure you verify that it works the way YOU want it to )

-=Art=-

Another handy tool is Robocopy which comes part of Windows Server Resource Toolkit. There is also a GUI version available here
http//technet.microsoft.com/en-us/magazine/2006.11.utilityspotlight.aspx


   
ReplyQuote
Page 2 / 2
Forum Jump:
  Previous Topic
Next Topic  
Share: