www.digitalforensics.com
Open in
urlscan Pro
2606:4700:10::6814:2d1d
Public Scan
URL:
https://www.digitalforensics.com/blog/how-to-make-the-forensic-image-of-the-hard-drive/
Submission: On March 16 via manual from CA — Scanned from DE
Submission: On March 16 via manual from CA — Scanned from DE
Form analysis 5 forms found in the DOM
GET https://www.digitalforensics.com/blog/
<form role="search" method="get" class="searchform" action="https://www.digitalforensics.com/blog/">
<input type="text" value="" name="s" placeholder="Type to search">
</form>POST https://www.digitalforensics.com/blog/wp-comments-post.php
<form action="https://www.digitalforensics.com/blog/wp-comments-post.php" method="post" id="commentform" class="comment-form">
<style type="text/css">
.wp-social-login-connect-with {}
.wp-social-login-provider-list {}
.wp-social-login-provider-list a {}
.wp-social-login-provider-list img {}
.wsl_connect_with_provider {}
</style>
<div class="wp-social-login-widget">
<div class="wp-social-login-connect-with">Connect with:</div>
<div class="wp-social-login-provider-list">
<a rel="nofollow" href="https://www.digitalforensics.com/blog/login/?action=wordpress_social_authenticate&mode=login&provider=LinkedIn&redirect_to=https%3A%2F%2Fwww.digitalforensics.com%2Fblog%2Fhow-to-make-the-forensic-image-of-the-hard-drive%2F" title="Connect with LinkedIn" class="wp-social-login-provider wp-social-login-provider-linkedin" data-provider="LinkedIn" role="button">
<img alt="LinkedIn" src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%200%200'%3E%3C/svg%3E" aria-hidden="true" data-lazy-src="https://www.digitalforensics.com/blog/wp-content/plugins/wordpress-social-login/assets/img/32x32/wpzoom/linkedin.png"><noscript><img alt="LinkedIn" src="https://www.digitalforensics.com/blog/wp-content/plugins/wordpress-social-login/assets/img/32x32/wpzoom/linkedin.png" aria-hidden="true"></noscript>
</a>
</div>
<div class="wp-social-login-widget-clearing"></div>
</div>
<div class="comment-fields-container full">
<div class="comment-fields-inner"><textarea id="comment" class="form-control" name="comment" aria-required="true" rows="8" placeholder="Additional Comments (optional)"></textarea><input id="author" class="form-control" name="author" type="text"
value="" placeholder="Name">
<input id="email" class="form-control" name="email" type="text" value="" placeholder="E-mail">
<input id="url" class="form-control" name="url" type="text" value="" placeholder="Website (optional)">
<p class="comment-form-cookies-consent"><input id="wp-comment-cookies-consent" name="wp-comment-cookies-consent" type="checkbox" value="yes"> <label for="wp-comment-cookies-consent">Save my name, email, and website in this browser for the next
time I comment.</label></p>
<div class="anr_captcha_field">
<div id="anr_captcha_field_1" class="anr_captcha_field_div"><input type="hidden" name="g-recaptcha-response" value=""></div>
</div>
<p class="form-submit"><input name="submit" type="submit" id="submit" class="submit" value="Post"> <input type="hidden" name="comment_post_ID" value="2628" id="comment_post_ID">
<input type="hidden" name="comment_parent" id="comment_parent" value="0">
</p>
<p style="display: none;"><input type="hidden" id="akismet_comment_nonce" name="akismet_comment_nonce" value="dbce7f2190"></p>
</div>
</div>
<p style="display: none !important;"><label>Δ<textarea name="ak_hp_textarea" cols="45" rows="8" maxlength="100"></textarea></label><input type="hidden" id="ak_js" name="ak_js" value="236">
<script type="rocketlazyloadscript">document.getElementById( "ak_js" ).setAttribute( "value", ( new Date() ).getTime() );</script>
</p>
</form><form id="jp-carousel-comment-form">
<label for="jp-carousel-comment-form-comment-field" class="screen-reader-text">Write a Comment...</label>
<textarea name="comment" class="jp-carousel-comment-form-field jp-carousel-comment-form-textarea" id="jp-carousel-comment-form-comment-field" placeholder="Write a Comment..."></textarea>
<div id="jp-carousel-comment-form-submit-and-info-wrapper">
<div id="jp-carousel-comment-form-commenting-as">
<fieldset>
<label for="jp-carousel-comment-form-email-field">Email (Required)</label>
<input type="text" name="email" class="jp-carousel-comment-form-field jp-carousel-comment-form-text-field" id="jp-carousel-comment-form-email-field">
</fieldset>
<fieldset>
<label for="jp-carousel-comment-form-author-field">Name (Required)</label>
<input type="text" name="author" class="jp-carousel-comment-form-field jp-carousel-comment-form-text-field" id="jp-carousel-comment-form-author-field">
</fieldset>
<fieldset>
<label for="jp-carousel-comment-form-url-field">Website</label>
<input type="text" name="url" class="jp-carousel-comment-form-field jp-carousel-comment-form-text-field" id="jp-carousel-comment-form-url-field">
</fieldset>
</div>
<input type="submit" name="submit" class="jp-carousel-comment-form-button" id="jp-carousel-comment-form-button-submit" value="Post Comment">
</div>
</form>POST
<form id="rfq-step0-form-new" action="" method="post">
<div>
<input name="option" value="com_requestforhelp" type="hidden">
<input name="task" value="step0_submit_ajax_ci" type="hidden">
<input name="return" value="https://www.digitalforensics.com/" type="hidden">
<input type="hidden" id="rh_customer_service_code" name="customer_service_code" value="">
</div>
<div class="request-help-inputs">
<div class="row">
<div class="col-xs-6 first-name">
<input id="txt_first_name_zero_new" name="txt_first_name" placeholder="First Name" data-validate-actions="required" data-error-message="First name" type="text">
<i class="fa fa-asterisk" aria-hidden="true"></i>
</div>
<div class="col-xs-6 last-name">
<input id="txt_last_name_zero_new" name="txt_last_name" placeholder="Last Name" type="text">
</div>
</div>
<div class="row">
<div class="col-xs-6 phone-number">
<input id="txt_phone_zero_new" name="txt_phone" placeholder="Phone" value="" data-validate-actions="phonefilter,required" data-error-message="Phone number" type="text">
<i class="fa fa-asterisk" aria-hidden="true"></i>
</div>
<div class="col-xs-6 zip-code">
<input id="txt_zip_zero_new" name="txt_zip" placeholder="ZIP Code" value="" data-validate-actions="required" data-error-message="Zip Code" type="text">
<i class="fa fa-asterisk" aria-hidden="true"></i>
</div>
</div>
<div class="row">
<div class="col-xs-12">
<input id="txt_email_zero_new" name="txt_email" placeholder="Email" value="" data-validate-actions="required,email" data-error-message="Email" type="text">
<i class="fa fa-asterisk" aria-hidden="true"></i>
</div>
</div>
<div class="row" id="row-big">
<div class="col-xs-12">
<textarea id="txt_details_zero_new" name="txt_details" placeholder="Tell us how we can help in detail"></textarea>
</div>
</div>
</div>
<div class="request-help-send"><a id="main_send_request_new" class="main_send_request_new" title="Request Help" href="/" rel="nofollow">REQUEST HELP</a></div>
</form><form id="zip-search-office-form" class="form-inline">
<div class="form-group">
<label for="your-location">Office Locator</label>
<div class="input-group">
<input id="input-zip" placeholder="ZIP Code" class="form-control" value="" data-validate-actions="checkZip,required" data-error-message="ZIP code" type="text">
<button class="input-group-addon" type="submit" id="submit-zip" onclick="searchLocalOffice(this.id);">
<i class="fa fa-search"></i>
</button>
</div>
</div>
</form>Text Content
MENU
×
Forensics Services
Computer ForensicsCell Phone ForensicsAutomotive ForensicsAudio Video
ForensicsForensics AccountingDeceased Person’s DataE-DiscoveryBusiness
ValuationFind Missing PersonVerify child communications
Cyber Security
Cyber Security ServicesData Breach ResponseWire fraudMedical Data BreachSpyware
DetectionElectronic Risk ControlOnline Identity TheftPenetration Testing
ServiceRansomware Attack
IP Theft
IP theftBusiness Partner TheftDisgruntled EmployeeSocial Media Monitoring
Litigation Support
Civil LitigationChild CustodyCriminal LitigationExpert Witness
TestimonyDivorceSubpoenasCrimes Against MinorsESI Discovery
About Us
Why Choose UsCertificationsCareers and EmploymentVideosContact us
Resource center
Career center
Request Help 800-849-6515
* Digital Forensics
* Forensics
Services
* Computer Forensics
Computer Forensics Services
Making complex data simple and compelling
* Digital Investigation
* E-Discovery
* Forensic Analysis
* Expert Testimony
* Forensics Reporting
* Cell Phone Forensics
Mobile Devices Investigations
From digital device to digital evidence
* Calls, web, chats history
* Contacts, text messages
* GPS Data
* Deleted Data
* Photos & Videos
* Automotive Forensics
Automotive Forensics Services
Unlock your vehicle's digital evidence potential
* Vehicle navigation info
* Cell phone usage or texting
* Onboard computer data
* Telematics Systems
* Audio Video Forensics
Audio Video Forensics
Forensic Analysis and Enhancement
* Audio, Video Authenticity
* Video Enhancement
* Image Analysis
* Photogrammetry
* Voice Identification
* Forensics Accounting
Forensic and Investigative Accounting
Investigating and analyzing financial records
* Damages quantification
* Identifying discrepancies
* Business valuation
* Insurance claim, cybercrime
* Deceased Person’s Data
Get Access to Data of Deceased
Gain access to the online accounts of deceased loved ones
* Establishing cause of death
* Civil or criminal litigation
* Insurance investigations
* Archiving the legacy of a loved one
* E-Discovery
E-Discovery You Can Rely On
Clear, precise evidence for a messy world
* Expert Consulting
* Cost Efficient
* Quality acquisition
* Emergency 24/7 Services
* Professionally documented
* Business Valuation
Business Valuation
Expert reports to suit your specific needs
* Cost-Effective
* Estimated Fair Market Value
* Near-term Cash Analysis3
* Risk Assessment
* Find Missing Person
Find Missing Person
We can locate people anywhere
* Work Across Jurisdictions
* Unlock Digital Evidence
* Wide-Ranging Online Searches
* Verify child communications
Verify Child Communications
Stop worrying and learn the truth
* See Communications
* Uncover Deleted Messages
* Check Browser History
* Background Checks on Suspects
* Cyber
Security
* Cyber Security Services
Cyber Security Service
Prevent, Detect, Respond To Cyberattacks
* Advisory
* Assessment
* Incident Response
* Penetration Testing
* Data Breach Response
Experiencing a Data Breach Incident?
First response is crucial. Every minute counts.
* Incident Analysis
* Investigate and Respond
* Prepare and Prevent
* Remediate and Restore
* Wire fraud
* Medical Data Breach
Suspect a PHI Data Breach?
The first response is critical to reduce liability
* Stop the active breach
* Investigate incident
* Reduce liability
* Report violations
* Spyware Detection
Is somebody spying on you?
Detection & Removing Spyware Services
* Cyber spying
* Employee monitoring
* Industrial espionage
* Malware
* Spy-phishing
* Electronic Risk Control
Protect Your Company
Reduce your electronic risk from digital transmittals
* E-Mails
* Internet
* Newsgroups
* Social media
* Online Identity Theft
Online Identity Verification
Find out who you are really talking to
* Avoid Scams
* Prevent Exposure
* Track Geolocations
* Identify Service Providers
* Learn the Truth
* Penetration Testing Service
Penetration Testing
Experienced, Confidential Services
* Internal and External Network Tests
* Web Application Tests
* OWASP Standards
* Vulnerabilities Identified
* Remediation Recommendations
* Ransomware Attack
Ransomware Attack
Swift, professional incident response
* Diagnose Ransomware
* Assess Damage
* Discover Vulnerabilities
* Secure Against Future Attackst
* IP
Theft
* IP theft
Intellectual Property Theft
Complicated cases require compelling digital facts
* Selling company data
* Theft of business data
* Concept or design theft
* Trade secret theft
* Business Partner Theft
FRAUD AND PARTNERSHIP DISPUTES
Find, recover and document digital evidence
* Partnership breakups
* Financial disputes
* Breach of a fiduciary duty
* Business dissolutions
* Disgruntled Employee
Issues with Disgruntled Employees?
Bring solid evidence before a judge
* Identify Persons Involved
* Identify Scope of the Theft
* Identify Relevant Devices
* Collect and Preserve Devices
* Social Media Monitoring
SOCIAL MEDIA AND BRAND MONITORING
Cases can be investigated using Social Media
* Personal Injuries Claims
* "Unused" Vacation Payouts
* Over-expenditure
* Brand Protection
* Litigation
Support
* Civil Litigation
Civil Litigation Services
Divorce, custody battles, and other
* Financial Information
* Establish Lifestyle
* Proof of infidelity
* Court-accepted report
* Child Custody
Child Custody
Win the most important battle of your life
* Obtain Powerful Evidence
* Show the Real Truth
* Reveal Character
* Criminal Litigation
Criminal Litigation
Everything you need
* Complete chain of custody
* Complete de-NISTing
* Unlock encrypted files
* Recover deleted files
* Court-accepted report
* Expert Witness Testimony
Expert Witness Services
Effective Expert Witness in Court
* Certified Experts
* Court-accepted reports
* Experience in federal, state, county courts, among others
* Divorce
Divorce
Evidence shows who is telling the truth
* Obtain Powerful Evidence
* Show the Real Truth
* Reveal Character
* Divide Assets Fairly
* Subpoenas
Subpoenas
Subpoena power yields strong evidence
* Find Evidence
* Unmask Anonymous Harassers
* Track Digital Footprints
* Crimes Against Minors
Crimes Against Minors
Digital evidence can build a strong defense
* Identify Exculpatory Evidence
* Build Case Strategy
* Review Metadata
* ESI Discovery
Discovery, Preservation & Imaging
Go to court with compelling digital evidence
* Court-ordered forensic imaging
* Metadata review
* Cloud account extraction
* Strategic case consultations
* About
Us
* Why Choose Us
* Certifications
* Careers and Employment
* Videos
* Contact us
* Resource center
* Career center
* Articles
*
Read More
Penetration Testing – A Crucial Step to Protect Your Business
Read More
5 Industries at High-Risk for Cyberattacks
Read More
What is Ransomware
Editor's Pick
Internet threats and children
Forensic analysis of instant messenger desktop applications
SIM cards Forensic Analysis with Oxygen Software
Mobile Forensics: Device Firmware Upgrade
Extracting data from damaged iTunes backups
Popular Now
Decrypting encrypted WhatsApp databases without the key
How to Make the Forensic Image of the Hard Drive
Extracting data from SmartSwitch backups
An Overview of Web Browser Forensics
Android forensic analysis with Autopsy
More
* News
*
Read More
DFC looking to hire an accountant
Read More
Digital Forensics Corp. Helps ‘Dr. Phil’ Solve A Mystery
Read More
What is Ryuk?
Editor's Pick
How to protect your smartphone from malware
Unlocking Locked LG Smartphones
Mobile forensic video portal
Oxygen Forensic® Detective 8.3.1 released
Replace your Mobile Forensic Tool with Oxygen Forensic® Detective
Popular Now
Unlock or decrypt an APFS drive
Digital Forensics Corp. Helps ‘Dr. Phil’ Solve A Mystery
Forensic Analysis of Telegram Messenger
New Windows artifacts: Background Activity Moderator (BAM)
What is Ryuk?
More
* How to
*
Read More
Get The Most From Your Security Cameras
Read More
How to update MacOS by Terminal
Read More
How to install Splunk Enterprise
Editor's Pick
Try a different filter
Popular Now
How to detect Mimikatz
Windows 10 Registry forensics
How to recover deleted SQLite records with Undark
How to capture memory dumps with Live RAM Capturer
Free Course: Incident Response and Advanced Forensics
More
* Books
*
Read More
Advanced Threat Analytics Playbook
Read More
Intelligence – Driven Incident Response
Read More
Contemporary Digital Forensic Investigations of Cloud and Mobile Applications
Editor's Pick
Try a different filter
Popular Now
Advanced Threat Analytics Playbook
Windows Management Instrumentation (WMI) Offense, Defense, and Forensic
Intelligence – Driven Incident Response
Contemporary Digital Forensic Investigations of Cloud and Mobile Applications
Data Hiding Techniques in Windows OS
More
* Software
*
Read More
ReversingLabs plugin for Autopsy
Read More
How to use sandboxes without technical skills
Read More
VMRay Analyzer
Editor's Pick
Forensic Software Updates
Oxygen Forensic® Detective v.8.4.1 released
Oxygen Forensic® Detective v.8.4 released
Oxygen Forensic introduces physical extraction from Android Spreadtrum
devices
Popular Now
UFED Phone Detective
Paladin 7 is online
OSXCollector – free Mac OS X forensics toolkit
Volatility plugin to extract BitLocker Full Volume Encryption Keys
Lists of memory forensics tools
More
* Webinars
*
Read More
Extracting Malware from an Office Document
Read More
Cellebrite Analytics
Read More
Elcomsoft Mobile Forensic
Editor's Pick
Try a different filter
Popular Now
Analyzing Extracted Mobile Data with UFED Reader
iPhone 6 Data Recovery From Dead Logic Board
Wireshark Advanced Malware Traffic Analysis
Using Python in Forensics
Free Windows 10 forensics online training
More
* Tips and Tricks
*
Read More
Has Your Computer Been Hacked? Know the Signs
Read More
Are Your Routers and Switchers Opening the Way for Hackers?
Read More
FBI Says Online Blackmail is on the Rise
Editor's Pick
Try a different filter
Popular Now
Forensic tools for your Mac
Extracting data from a locked Android device
How to recover deleted images from any iOS device
Forensic Analysis of Windows Event Logs (Windows Files Activities Audit)
PowerShell Cheat Sheet
More
Sections
* Articles
* News
* How to
* Books
* Software
* Webinars
* Tips and Tricks
Articles
Now Reading
How to Make the Forensic Image of the Hard Drive
Next
Prev
Contents
* Rating
* Full Article
* Comments
1
2
HOW TO MAKE THE FORENSIC IMAGE OF THE HARD DRIVE
Digital devices are an integral part of our lives. Therefore, digital evidence,
namely, evidence obtained from various digital devices, is increasingly used in
investigations in the corporation or law enforcement.
A feature of digital evidence is that it can be easily damaged or destroyed.
Often, this happens unintentionally. For example, when technical staff try to
restore the computer after an incident. A typical carrier of digital evidence is
a hard drive. Today we will consider: how to make the forensic image of the hard
drive by example of making a copy of the hard drive of the laptop.
Types of forensic copies:
There are two main types of forensic copies.
* Copy ‘drive to drive’ – when acquiring like this, the data from the hard
drive (digital source) is transferred to another one. If the destination
drive has a larger size, then the unused drive space is filled with zeros.
* Copy ‘drive to file’ – when acquiring like this, the data from the hard drive
(digital source) is transferred to a file located on another drive. This
creates a sector-by-sector copy of the hard drive under study. Usually, this
image has the format DD (RAW) or Encase (E01). The DD format is a file
containing a copy of the data of the examined hard drive and has a size
corresponding to the size of the hard drive. However, often the hard drive is
not full of files, even half. Therefore, the use of DD files results in the
purchase of a large number of hard drives to store the created files, which
leads to additional financial costs. Most often, when creating forensic
copies of hard drives, an Encase file is used. In this case, the acquired
data from the source drive is compressed (for example, in the case of
forensic accounting, the file size – forensic image of the hard drive of the
accounting computer can be 9 times smaller than the size of the source
drive). Forensic copies in the Encase format can significantly save disk
space on the computer of an incident investigation specialist or a computer
forensics expert. In addition to all of the above, the data in the Encase
image is protected from change. This is achieved in the following way: for
the first data block of this file, 64 KB in size, a hash is calculated, which
is used to encrypt the next 64 KB block. After that, for the last data block
of 64 KB size, a new hash is calculated which is used to encrypt the next
data block, etc. This method of data coding allows, in the subsequent, to
confirm the integrity of data extracted from the source drive or to reveal
the fact of making changes in the forensic image. In case of detection of the
fact of making changes, the compromised part of the data can be localized and
excluded from the study. At the same time, other parts of the forensic image
will be available for research and will not lose its evidentiary value.
Extracting the hard drive.
For our example, we will consider creating a forensic image of the FUJITSU
SIEMENS Amilo M3438G hard drive.
Fig. 1. Appearance of the laptop.
Extracting the hard drive from the laptop can present certain difficulties.
That’s why we recommend that you first find in the “Internet” network a video
that shows how to disassemble a particular laptop model so as not to damage it.
Usually, such a video can be found on request: “How to disassemble ‘laptop
model’ “.
Fig. 2. The results of the search query “How to disassemble M3438G”.
Typically, the laptop model is indicated on the label located on the bottom of
the laptop or in the battery compartment. When you remove the hard drive from
the laptop, remember that there can be more than one hard drive in the laptop.
There are models in which 4 hard drives are installed. Furthermore, an
additional hard drive may be installed into the compartment DVD-drive. We are
lucky. Only one hard drive is installed in our laptop.
Fig. 3. Ejected hard drive.
Creating the forensic image of the hard drive.
When creating forensic images of media, used hardware or software recording
blockers. This is done in order to exclude the possibility of accidental
modification of data on them. We will use the hardware lock WiebeTECH Forensic
UltraDock V5. This blocker emulates the functions of writing, moving, deleting
files on a connected hard drive for proper operation in a Windows environment.
In this case, in fact, no data on the source drive is changed.
Fig. 4. Appearance of the write blocker.
This blocker has the following advantages over others:
1. It automatically detects and unlocks hard drive areas such as ‘Device
Configuration Overlay’ (DCO) and ‘Host Protected Area’ (HPA).
2. If access to hard drive data is blocked by an ATA password, it displays
relevant information on its display.
To this blocker, you can connect hard drives with SATA and IDE interfaces. If
your laptop uses SSD hard drives, you will need an appropriate adapter to
connect its.
Fig. 5. Adapters for SSD drives.
We will use the program “Belkasoft Acquisition Tool” to create a forensic image.
This program is free. It is necessary to go to the address:
http://belkasoft.com/get and fill in a short form for its receipt. “Belkasoft
Acquisition Tool” is a universal utility that allows you to create forensic
images of hard drives, mobile devices, extract data from cloud storages. We
connect the extracted hard drive, using the write blocker to our computer and
run the “Belkasoft Acquisition Tool”. We will see the main window of the program
where we will be asked to choose the data source: hard drive, mobile device or
cloud storage.
Fig. 6. The main window of Belkasoft Acquisition Tool.
Click on the ‘Drive’. After that, a window will open, in which we will be asked
to choose: the device to be copied; specify the place where the forensic image
will be created; specify file name and format, etc.
Fig. 7. A window for selecting a drive to create its forensic image and setting
its parameters (location, name, format, etc.).
As you can see on Fig. 7, the hard drive, the forensic image of which we will
create, is connected as ‘PHYSICALDRIVE2’. We will create a file named
‘image.E01’, for which we calculate checksum SHA-1 and MD5. Calculation checksum
is necessary in order to confirm the authenticity of the forensic image from the
time it was created to the time of using evidence obtained from it. After that,
you need to click on the ‘Next’, which will start the process of creating a
forensic image of the hard drive.
Fig. 8. Display the process of creating a forensic image of the hard drive.
In the end, we get the file ‘image.E01’, which contains a forensic image of the
hard drive.
Conclusion.
In this article, we looked at the process of creating a forensic image of a hard
drive, using the example of a hard drive extracted from the laptop. They learned
about: what methods are used to extract a hard drive from the laptop; what
hardware devices are used to connect hard drive, when creating forensic images
of hard drives. We thoroughly acquainted with the process of creating a forensic
image of the hard drive.
Authors:
Igor Mikhaylov & Oleg Skulkin
Views: 70,486
RELATED
Posted In
Articles
Tags
Belkasoft, Belkasoft Acquisition Tool, computer forensics, DFIR, digital
forensic article, digital forensics, digital forensics article, digital
forensics software, digital image forensics, how to, imaging, windows 10
forensics, windows forensics
Belkasoft, Belkasoft Acquisition Tool, computer forensics, DFIR, digital
forensic article, digital forensics, digital forensics article, digital
forensics software, digital image forensics, how to, imaging, windows 10
forensics, windows forensics
You might also like
BelkasoftBelkasoft Acquisition Toolcomputer forensicsDFIRdigital forensic
articledigital forensicsdigital forensics articledigital forensics
softwareArticles
MORE
Read More
847
How to protect your smartphone from malware
Read More
438
Internet threats and children
Read More
870
MagiCube complex is used to extract data from smartphones
2 Comments
Leave a response
* Martin
2017-04-14 at 7:06 AM
E01 is just one subtype in Expert Witness Disk Image Format. And yes, it was
made popular by EnCase, but it is not EnCase format.
* Igor Mikhaylov
2017-04-14 at 8:15 AM
Expert Witness (for Windows) was the original name for EnCase (dating back
to 1998). The product was renamed because it intruded the Expert Witness
trademark held by ASR Data. The Encase image file format therefore is also
referred to as the Expert Witness (Compression) Format.
LEAVE A RESPONSE CANCEL REPLY
Connect with:
Save my name, email, and website in this browser for the next time I comment.
Δ
Previous
Understanding Mac OS full disk encryption
Next
Acquisition and Forensic Analysis of Apple Devices
Top Stories
Penetration Testing – A Crucial Step to Protect Your Business
2
5 Industries at High-Risk for Cyberattacks
3
What is Ransomware
2
Sextortion: How To Deal With This Growing Crime
44
DFC looking to hire an accountant
750
Digital Forensics Corp. Helps ‘Dr. Phil’ Solve A Mystery
2830
What is Ryuk?
2124
Governments vs. Hackers
600
Right Now
How to protect your smartphone from malware
Internet threats and children
Forensic analysis of instant messenger desktop applications
SIM cards Forensic Analysis with Oxygen Software
Mobile Forensics: Device Firmware Upgrade
DFRWS 2016 Forensics Challenge
DFRWS 2016 EU Agenda
Penetration Testing – A Crucial Step to Protect Your Business
5 Industries at High-Risk for Cyberattacks
What is Ransomware
Sextortion: How To Deal With This Growing Crime
DFC looking to hire an accountant
Digital Forensics Corp. Helps ‘Dr. Phil’ Solve A Mystery
What is Ryuk?
Top Five
Heat Index
SORT
1
Decrypting encrypted WhatsApp databases without the key
2
How to Make the Forensic Image of the Hard Drive
3
Extracting data from SmartSwitch backups
4
Forensic tools for your Mac
5
An Overview of Web Browser Forensics
Trending
Heat Index
SORT
Decrypting encrypted WhatsApp databases without the key
How to Make the Forensic Image of the Hard Drive
Extracting data from SmartSwitch backups
Forensic tools for your Mac
An Overview of Web Browser Forensics
Android forensic analysis with Autopsy
Creating a digital forensic laboratory: Tips and Tricks
Chip-off Technique in Mobile Forensics
Extracting WhatsApp database and the cipher key from a non-rooted Android device
How to use the EnCase Processor
Software write blockers overview
Extracting data from a locked Android device
Trending
Heat Index
SORT
Decrypting encrypted WhatsApp databases without the key
99220
How to Make the Forensic Image of the Hard Drive
30680
Extracting data from SmartSwitch backups
19039
Forensic tools for your Mac
16661
An Overview of Web Browser Forensics
14043
Android forensic analysis with Autopsy
13728
Creating a digital forensic laboratory: Tips and Tricks
8865
Sections
Articles
Books
How to
News
Software
Webinars
Books
Advanced Threat Analytics Playbook
Intelligence – Driven Incident Response
Contemporary Digital Forensic Investigations of Cloud and Mobile Applications
Second Edition of Learning iOS Forensics is Announced
Crypto 101: introductory course on cryptography
Windows Management Instrumentation (WMI) Offense, Defense, and Forensic
More
Video
SORT
Extracting Malware from an Office Document
Cellebrite Analytics
1234
1234
Copyright © 2022 Digital Forensics | Computer Forensics | Blog, All Rights
Reserved.
Posting....
Loading Comments...
Write a Comment...
Email (Required) Name (Required) Website
`
REQUEST HELP
Speak to a Specialist Now
GET HELP NOW
844.620.5044
REQUEST HELP
Thank you for contacting us.
Your Digital Investigator will call you shortly.
Office Locator
Click to Text Us!