tailieunhanh - Guide to Computer forensics and investigations - Chapter 3: Data acquisition

Chapter 3 "Data acquisition", learning objectives of this chapter include: List digital evidence storage formats, explain ways to determine the best acquisition method, describe contingency planning for data acquisitions, explain how to use acquisition tools. | Chapter 3 Data Acquisition Guide to Computer Forensics and Investigations Fifth Edition Guide to Computer Forensics and Investigations Fifth Edition Chapter 3 Data Acquisition Guide to Computer Forensics and Investigations Fifth Edition Objectives List digital evidence storage formats Explain ways to determine the best acquisition method Describe contingency planning for data acquisitions Explain how to use acquisition tools Objectives List digital evidence storage formats Explain ways to determine the best acquisition method Describe contingency planning for data acquisitions Explain how to use acquisition tools Guide to Computer Forensics and Investigations Fifth Edition Objectives Explain how to validate data acquisitions Describe RAID acquisition methods Explain how to use remote network acquisition tools List other forensic tools available for data acquisitions Objectives Explain how to validate data acquisitions Describe RAID acquisition methods Explain how to | Chapter 3 Data Acquisition Guide to Computer Forensics and Investigations Fifth Edition Guide to Computer Forensics and Investigations Fifth Edition Chapter 3 Data Acquisition Guide to Computer Forensics and Investigations Fifth Edition Objectives List digital evidence storage formats Explain ways to determine the best acquisition method Describe contingency planning for data acquisitions Explain how to use acquisition tools Objectives List digital evidence storage formats Explain ways to determine the best acquisition method Describe contingency planning for data acquisitions Explain how to use acquisition tools Guide to Computer Forensics and Investigations Fifth Edition Objectives Explain how to validate data acquisitions Describe RAID acquisition methods Explain how to use remote network acquisition tools List other forensic tools available for data acquisitions Objectives Explain how to validate data acquisitions Describe RAID acquisition methods Explain how to use remote network acquisition tools List other forensic tools available for data acquisitions Guide to Computer Forensics and Investigations Fifth Edition Understanding Storage Formats for Digital Evidence Data in a forensics acquisition tool is stored as an image file Three formats Raw format Proprietary formats Advanced Forensics Format (AFF) Understanding Storage Formats for Digital Evidence Data in a forensics acquisition tool is stored as an image file Three formats Raw format Proprietary formats Advanced Forensics Format (AFF) Guide to Computer Forensics and Investigations Fifth Edition Raw Format Makes it possible to write bit-stream data to files Advantages Fast data transfers Ignores minor data read errors on source drive Most computer forensics tools can read raw format Disadvantages Requires as much storage as original disk or data Tools might not collect marginal (bad) sectors Raw Format Makes it possible to write bit-stream data to files Advantages Fast .