Professional Documents
Culture Documents
Evidence Collection
2. Types of Acquisition
and Data Collection
Methods
3. Contingency planning
4. RAID Forensics
Disadvantages.
– Non-portable across different tools
– File size limitation for each segmented volume
Design goals
– Offers compression & segmentation with metadata
– File extensions include .afd for segmented image files and .afm for AFF metadata
B. Creating a disk-to-disk
• When disk-to-image is not possible
Software Tools
– Safe Block
• https://www.forensicsoft.com/safeblock.php
– NIST Software Write Blocker
• https://www.cftt.nist.gov/software_write_block.htm
Validation techniques
– CRC-32, MD5, and SHA-1 to SHA-512
Two cases
– If full RAID volume is imaged on non-RAID media, no
additional processing is required
RAID Tools
– RAID Reconstructor (Runtime Software)
– R-Studio
Drawbacks
– Antivirus, antispyware, and firewall tools can be
configured to ignore remote access programs
– Suspects could easily install their own security tools that
trigger an alarm to notify them of remote access
intrusions
Output: