Welcome to computer forensic portal - your online resources to all computer foreniscs
 
Knowledge Articles
Books Database
Legal Cases
Forensic Dictionary
PDF documents
Web Resources
FAQ

 

Image Acquisition
Page 1
Page 2
Page 3
Page 4
 
Computer Forensic Tools
Expert Witness
Helix (Windows)
Helix (Linux)

 
  Home > Knowledge Articles > Image Acquisition (Windows)

Image Acquisition (Windows)

Creating Forensic Images

In computer forensics, it is vital to make sure and prove that during the whole process of forensic investigation, there should be no trace of analysis effort on the evidence media. A computer forensic investigator should prove that the evidence media is not modified in any way.

One method is to make an image copy of the original evidence media and carry out investigation on the image to prevent any modification on the original evidence. An example of such software is the FTK Imager. It makes a bit-to-bit duplicate image which is identical to the original, including file slack, unallocated space and free space.

With the FTK Imager, you can create forensic images of original evidence media such as local hard disk, thumbdrive, floppy diskettes, zip disks, CDs and DVDs.

1. Click File > Create Disk Image.

or click on the Create Disk Image icon on the menu bar.

[continue - page 2]

 
 

© 2009
Computer Forensics Portal
All Rights Reserved

Disclaimer | Privacy Policy

Home | Contact | Sitemap

Knowledge Articles | Books Database | Legal Cases | Forensic Dictionary | Web Resources | Frequently Asked Questions