This is great practical information. Thanks for the replies. This is the sort of stuff that makes this a frequently visited web site for me.
Acquire via FireWire 800 or gig eth using crossover - no encryption needed. Output to a raw image file (in whole or segmented into chunks) to ensure backward and forward compatibility for both forensic and non-forensic tools. Be careful of falling into any proprietary file format.
regards,
farmerdude
By "raw image file" do you mean a DD image or just a clone of the suspect hard drive?
OldDawg,
A little slow in my reply …
Yes, a raw image, ideally sector matching sector, something akin to 'dd' (or its variants) or SMART for Linux. This raw format provides for maximum flexibility for analysis and backward and forward compatibility, as well as no restrictions or threats of legal sanctions (DMCA).
regards,
farmerdude
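The "whole or segmented" raw output discussed in this thread, as an added example that is not from any of the posters: a source is copied byte for byte into fixed-size raw segments while being hashed, and the segments are then re-hashed in order to confirm that together they are the same stream as a single whole image. The function names, the `image.000` naming, SHA-256 and the 512-byte sector size are assumptions made for the illustration, and the "device" is a constructed temporary file.

```python
import hashlib, os, tempfile

SECTOR = 512  # assumed sector size, used only for the alignment checks

def acquire_segmented(src, out_prefix, seg_bytes, block=1 << 20):
    """Copy src byte for byte into raw segments; return (sha256 hex, paths)."""
    if seg_bytes % SECTOR:
        raise ValueError("segment size must be a multiple of the sector size")
    digest, paths = hashlib.sha256(), []
    with open(src, "rb") as s:
        while True:
            path = f"{out_prefix}.{len(paths):03d}"  # image.000, image.001, ...
            written = 0
            with open(path, "wb") as out:
                while written < seg_bytes:
                    buf = s.read(min(block, seg_bytes - written))
                    if not buf:
                        break
                    out.write(buf)
                    digest.update(buf)  # hash covers the stream, not each chunk
                    written += len(buf)
            if written == 0:            # source ended exactly on a boundary
                os.remove(path)
                break
            paths.append(path)
            if written < seg_bytes:     # short final segment: source exhausted
                break
    return digest.hexdigest(), paths

def verify_segments(paths, expected_sha256, block=1 << 20):
    """Re-hash the segments in order; must equal the acquisition hash."""
    digest, total = hashlib.sha256(), 0
    for path in paths:
        with open(path, "rb") as f:
            for buf in iter(lambda: f.read(block), b""):
                digest.update(buf)
                total += len(buf)
    return digest.hexdigest() == expected_sha256 and total % SECTOR == 0

def demo():
    with tempfile.TemporaryDirectory() as d:
        src = os.path.join(d, "source.bin")  # constructed stand-in for a device
        data = os.urandom(SECTOR * 10)       # constructed sample data
        with open(src, "wb") as f:
            f.write(data)
        sha, paths = acquire_segmented(src, os.path.join(d, "image"), SECTOR * 4)
        same_as_whole = sha == hashlib.sha256(data).hexdigest()
        return same_as_whole, len(paths), verify_segments(paths, sha)
```

Because the segments carry no header or container, any tool that reads a flat file can consume them once they are concatenated in order.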