Drive-to-Drive DOS Acquisition

A drive-to-drive DOS acquisition takes place entirely in DOS, and the target drive and the image storage drive are attached to the same motherboard, which is why it’s called drive-to-drive. It is a simple means of acquisition because you need to pack only an EnCase boot disk and a storage hard drive. No dongle is needed. Many examiners, having started forensics years ago when this was the standard acquisition method, still prefer it.

Drive-to-drive is a relatively fast acquisition. The speed limitation is usually imposed by the slowest component in the ATA subsystem, be it the controller, cable, configuration, or drive speed. The faster configuration will usually be master-to-master on different channels (primary ...

Get EnCE EnCase Computer Forensics: The Official EnCase Certified Examiner Study Guide, 3rd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

EnCE EnCase Computer Forensics: The Official EnCase Certified Examiner Study Guide, 3rd Edition by

Drive-to-Drive DOS Acquisition

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly