Understanding "Source verification failure" in Guymager Acquisition
This seems to be a recurring issue I'm having with HDD acquisitions in Guymager.
I know it has to do with bad sectors on the disc, but I can't quite get a clear grasp around it to explain in a court hearing. Could someone kindly explain what's going on, and IF the acquisition could be considered as valid?
Here's an extract of a .info file from a failed acquisition:
During acquisition, 40 bad sectors have been encountered. They have been replaced by zeroed sectors. The sector numbers are:
1369656456-1369656463, 1369658800-1369658807, 1369664416-1369664423, 1369667208-1369667215, 1369669888-1369669895
During verification, 24 bad sectors have been encountered. The sector numbers are:
1369658800-1369658807, 1369664416-1369664423, 1369667208-1369667215
State: Finished successfully (with 40 bad sectors)
MD5 hash : ba324ecbf23f21830f9b0099bbf1bca8
MD5 hash verified source : e3c4c3867ca797bbf0a1cc914e44fba6
MD5 hash verified image : ba324ecbf23f21830f9b0099bbf1bca8
SHA1 hash : e0eb8f44d0e807c390c072c58d81cad690780906
SHA1 hash verified source : 8e8da131eb092a7d5b9e9d85b60219234a972ef7
SHA1 hash verified image : e0eb8f44d0e807c390c072c58d81cad690780906
SHA256 hash : --
SHA256 hash verified source: --
SHA256 hash verified image : --
Source verification FAILED. The device didn't deliver the same data during acquisition and verification. Check if the defect sector list was the same during acquisition and verification (see above).
Image verification OK. The image contains exactly the data that was written.
Maybe you try to acquire the device again.