Two e01 forensic image on one larger drive ?

As you said, the biggest disadvantage is the possibility of losing the data.
You should copy those images to your forensic PC straight away after the acquisition. You will also might notice the low speed of reading the data when doing the analysis of both images in the same time. Make sure that you will put all the needed information to be able to distinguish one from another and to tell which one is coming from what original device.

I don't see any other big problems with such approach.

Regards,
Karol

Thanks )

I thought it is maybe not a "good practise" in IT Forensics doing two binary copies on the same drive.

Disk, not disc, by convention (yes, I am picky).
https://en.wikipedia.org/wiki/Spelling_of_disc

jaclaz

Disk, not disc, by convention (yes, I am picky).
https://en.wikipedia.org/wiki/Spelling_of_disc

jaclaz

I must respectfully disagree. I have always spelt it disc. My teachers at university also spelt it disc.

Disc coming of course from discus (a circular thrown object for those not aware).

Disk is a spelling perpetuated by American companies, nothing more.

Cue further "discussion" now on spelt vs spelled…

)

Hello,
Is it good to acquire e01 forensics binary copy from two different discs on one larger disc ? From example I have two discs - one 120GB, second 320GB, and I want to do binary copies of them on one larger disc from example 1TB.
Except from fact that when I physically damage that 1TB disc I lose both of binary copies of that (120, 320) discs , what are others disadvantages of doing this ?

Just wanted to follow up my previous post and actually contribute to your initial question.

Acquisition of 2 images to the same drive is absolutely fine

BUT

Don't acquire both at the same time - you will end up with highly fragmented data (think of the data runs! 😯 ) and will likely suffer a severe performance hit when reading it later, if it doesn't crash out!

Disk is short for Diskette, so should be used for floppies

Disc, maybe hard drive, but depends on which side of the pond one is on.

SSD SS Drive, so we avoid the problem.

The British would say disc, the Americans would say disk, they are both fine generally speaking, as said the spelling is just a convention when used for media in computer related topics, magnetic is disk, optical is disc.

Related commands tend to use the k, try using disc manager, discpart, fdisc and chkdsc, to name a few. wink

But the good Seagate guys (known manufacturer of hard disks) did bundle with some hard disk drives a software called DiscWizard ….

Some interesting graphs
http//writingexplained.org/disc-or-disk-difference

@mscotgrove
No, actually it's the other way round, diskette is a diminutive of disk, just like cigarette is a diminutive of cigar or kitchenette is of kitchen …

jaclaz

I never heard of a "hard disc drive", "hard disk drive" is the correct naming. When we speak about "drives", it is always with "k". When we speak about Latin "discus" originated round form things, it is disc, but that won't ever be a "drive" by itself.

jaclaz might be picky, but he is right…

As for storing two e01 forensic images on the same drive, there is no problem with that. Working with several images stored on the same hard disk drive leads could lead to performance issues and it is not recommended.

I never heard of a "hard disc drive", "hard disk drive" is the correct naming <snip>

And to borrow from Shakespeare

There are more things in heaven and earth, Horatio, than are dreamt of in your philosophy

Just because you have never heard of it, doesn't mean it is wrong. There are numerous published texts from respected authors which use "disc" rather than "disk" - Digital Forensics (Marshall, 2008) imediately comes to mind. These by their very nature have been through proof-reading procedures.

When we speak about "drives", it is always with "k".

Speak for yourself. wink