O'Reilly logo

Computer Evidence: Collection and Preservation, Second Edition by Christopher L. T. Brown

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Local Dead System Collection

As previously mentioned, investigators have a variety of choices when collecting a disk image. Do they collect a disk-to-disk bit stream, a disk-to-image file bit stream, or possibly both? Often the initial disk-image collection is driven by the tools available and the accessibility of the original evidence-disk media. Whether in the field or back at the lab, accessing the original evidence-disk media can be difficult at best. Accessing evidence-disk media is often one of the most challenging steps in the computer forensics process.

When imaging standard desktop PCs, investigators often find the disk easily accessible through removable access bays or panels, as shown in Figure 12.1.

Figure 12.1. Access a desktop ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required