Computer Forensics JumpStart, Second Edition

Chapter 5

Capturing the Data Image

Understanding full volume images
Understanding partial volume images
Understanding the pros and cons of imaging full and partial volumes
Exploring disk and memory imaging and capture tools

It’s time to look at what happens as an investigation begins. As with any other items of evidence, computer system components and other electronic devices must be handled correctly. An examiner must follow certain procedures to document their receipt and handling. Each computer examination is unique, and the investigator must consider the total effects of the circumstances as the investigation proceeds.

A forensic investigator must also be familiar with the types of evidence that may be encountered on a machine and how ...

Get Computer Forensics JumpStart, Second Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Computer Forensics JumpStart, Second Edition by

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly