#MOUNT A DRIVE IN PRODISCOVER BASIC FULL#
Working directly on the original evidence (e.g., the hard disk of a computer) in any forensic data recovery operation or computer forensic investigation is not allowed, as the investigation can make irrecoverable changes to the source data. Therefore, the first step is to create an exact duplicate of the media to be examined. Creating an exact copy of the original digital media that investigators can examine is commonly referred to as making a bitstream image, or simply the imaging process. The image is just a file, which can be handled easily. When imaging is done, a process called hashing generates a hash to ensure that the image and original media are the same.

A program called dd, which was originally a Unix utility.
Various dd-based utilities such as dcfldd, which is also capable of generating a hash at the end of the process.

To guarantee that no change would occur to the original digital media, using write blockers is recommended. Write blockers can be hardware or software. Hardware write blockers are normally preferred; however, they are not always available.

Also, if the imaging were to be done on the original computer while it is powered on, there is a chance of missing hidden data or getting interference during imaging from rootkits. The imaging, therefore, can be done while the digital media is powered off and the media is outside the original computer. Sometimes we have no choice and we have to image the media while it is connected and powered on.

One of those is the type of data. It depends on the situation, since each incident and the circumstances around it are unique. In general, we have two types of data for investigation:
Volatile data: This data will be lost when media is disconnected from power.
Persistent data: This data remains intact after media is powered off.
However, sometimes persistent data is stored using, for example, a full disk encryption solution and there is no access to the decryption key.
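
An added example (not from the original page) of the imaging and hashing steps described above: plain dd does no hashing of its own, so the script hashes the source and the image separately and keeps the image hash for later re-checks of the working copy. The function names, file names and sample data are assumptions made for illustration, and a regular file stands in for the evidence media.

```shell
#!/bin/sh
# Added example: bitstream imaging with dd plus hash verification.
# Assumption: a regular file stands in for the evidence media so this runs
# offline; on a real case the source would sit behind a write blocker.

hash_of() {  # print the SHA-256 of a file or device
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"
    else shasum -a 256 "$1"; fi | awk '{print $1}'
}

# image_and_verify SRC IMG: copy SRC to IMG, record the image hash in
# IMG.sha256, and succeed only if source and image hashes are identical.
image_and_verify() {
    src_hash=$(hash_of "$1")
    dd if="$1" of="$2" bs=64k 2>/dev/null || return 2
    img_hash=$(hash_of "$2")
    [ -n "$src_hash" ] && [ -n "$img_hash" ] || return 2
    printf '%s\n' "$img_hash" > "$2.sha256"
    [ "$src_hash" = "$img_hash" ]
}

# verify_image IMG: re-hash a working copy against the recorded hash.
verify_image() {
    recorded=$(cat "$1.sha256" 2>/dev/null)
    [ -n "$recorded" ] && [ "$(hash_of "$1")" = "$recorded" ]
}

make_sample() {  # constructed stand-in "media": 8192 numbered 31-byte records
    awk 'BEGIN { for (i = 0; i < 8192; i++) printf "constructed sector data %06d\n", i }' > "$1"
}

demo() {
    work=$(mktemp -d) || return 2
    make_sample "$work/media.bin"
    image_and_verify "$work/media.bin" "$work/media.dd" && echo "image matches source"
    # Simulate a later change to the image: overwrite one byte in place.
    printf 'X' | dd of="$work/media.dd" bs=1 seek=512 conv=notrunc 2>/dev/null
    verify_image "$work/media.dd" || echo "image no longer matches recorded hash"
    rm -rf "$work"
}
demo
```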
Free Digital Forensic Investigation Tools and Live CDs For Digital Forensics.
Imaging in Digital Forensics - Dead Imaging vs.