O'Reilly logo

Computer Evidence: Collection and Preservation, Second Edition by Christopher L. T. Brown

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Bit-Stream Images

In the field or in the lab, forensics investigators normally collect one or more bit-stream images of the original evidence media. This image collection allows for subsequent analysis and reporting, leaving the original media (or another image) safely locked away. The method and number of image collection vary greatly by investigator preference and by mitigating factors presented by the case.

When collecting an image, the investigator can use the following high-level approaches:

  • Collect a bit-stream image from original media to an evidence file, referred to by NIST as a bit-for-bit copy (unaligned clone) of the original disk media.

  • Collect a bit-stream image from original media to an evidence disk, referred to by NIST as a bit-stream ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required