Chapter 4 Acquiring Digital Evidence

EnCE Exam Topics Covered in This Chapter:

Creating EnCase DOS boot disks
Booting computers using EnCase DOS boot disks
Drive-to-drive acquisitions
Network and parallel cable acquisitions
FastBloc/Tableau acquisitions
FastBloc SE acquisitions
LinEn acquisitions
Enterprise and FIM acquisitions
EnCase Portable acquisitions

Following best forensics practices, I typically conduct examinations or analyses on copies of the original evidence. In this manner, I preserve the original, protecting it from alteration or corruption. The copy of the original evidence is more commonly called an image. For this image to be a copy and the legal equivalent of the original, it must represent a duplicate image of the original. ...

Get EnCE EnCase Computer Forensics: The Official EnCase Certified Examiner Study Guide, 3rd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

EnCE EnCase Computer Forensics: The Official EnCase Certified Examiner Study Guide, 3rd Edition by

Chapter 4

Acquiring Digital Evidence

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly