Acquisition example

From Wikibooks, open books for an open world
Jump to navigation Jump to search

Most of the sections of this book have a practical example for you to test your knowledge, some people find it helpful to apply theory in practice as part of their learning. There is no requirement to complete these tasks, but it might be of use in clarifying the theoretical material.

In this first task we will be:

  • Documenting a piece of digital media
  • Acquiring a bit copy
  • Verifying the copy
What you will need

In a real investigation you would use a forensic write blocker during media acquisition. These tend to run into the hundreds of dollars so, of course, it is impractical to require one. Otherwise you are going to need:

  • Acquisition software (this example uses FTK Imager but you can pick another tool if you wish)
  • Digital media (it might be easiest to use a USB pen drive, remember to add some files)
  • CaseNotes software (optional)
Introduction to Digital Forensics