Max Haptonstahl
asked on
Forensic image of Hard drive
I need to make a forensic image of each HDD of a group of our employees' desktop computers; I need the same for their smartphones. What equipment and/or software do I need to make these images without removing the drives?
ASKER
The best solution was more strategic than tactical. I appreciated the comments as to what software/hardware would help me, but the most practical advice was to engage a contractor who could fulfill forensic tasks that would hold up in court.
Thanks to Everybody! -Max
The software options are meant to help as suggestions on what you asked instead: ".. equipment and/or software do I need to make these images without removing the drives?"
Just posting this link to another question on EE:
https://www.experts-exchange.com/questions/28195120/forensics-seizure-and-imaging-documentation.html
I found this to be interesting and potentially relevant from one of the accepted solutions:
Accepted Solution
by:SirtenKen
Comment posted 2013-07-25
This document is a good start at identifying issues that surround investigations:
http://www.nist.gov/customcf/get_pdf.cfm?pub_id=50875
The kinds of information you gather would serve to:
identify the equipment
maintain a chain of custody
provide for authentication of the evidence
ensure that nothing has changed since the evidence was collected (MD5 or SHA1 hash values as reported by the imaging tool)
Digital forensic exams in general are well covered by the Department of Justice:
http://www.nij.gov/topics/forensics/evidence/digital/welcome.htm
One of the documents there even has sample reports:
https://www.ncjrs.gov/pdffiles1/nij/199408.pdf
For the basics of imaging, AccessData's FTK imager tool is often used.
Here is a video on how to use it, which could be used to help create documentation for your organization: http://www.youtube.com/watch?v=39f2WV-8SKg&list=TL14cEkMlzXEM
dd or dcfldd are rudimentary tools for creating forensically sound device images. Mostly only for non-Windows, no GUI, but fast and straightforward.
There is another on FTK Imager and MPE from AccessData:
http://www.hackingarticles.in/step-by-step-tutorial-of-ftk-imager-beginners-guide/
https://accessdata.com/products-services/mobile-solutions
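The hash check described in the quoted answer (MD5 or SHA1 values recorded at imaging time, then re-checked later), applied to an image made with dd as mentioned above. This is an added example, not part of the original posts; the function names `hash_of`, `acquire` and `verify` and the log format are hypothetical, and a constructed file stands in for a write-blocked device.

```shell
#!/bin/sh
# Added example: image a source with dd, record its hashes, re-verify later.
# The source here is a constructed file standing in for a device node.

# hash_of ALGO FILE: print the hex digest (ALGO is md5 or sha1).
hash_of() {
    "${1}sum" "$2" | awk '{print $1}'
}

# acquire SRC IMG LOG: copy SRC to IMG, hash both, append a custody record.
# Returns non-zero if the copy fails or the image differs from the source.
# Use one log file per image.
acquire() {
    src=$1; img=$2; log=$3
    dd if="$src" of="$img" bs=64k 2>/dev/null || return 2
    src_sha1=$(hash_of sha1 "$src")
    img_sha1=$(hash_of sha1 "$img")
    [ "$src_sha1" = "$img_sha1" ] || return 1
    {
        echo "acquired_utc=$(date -u +%Y-%m-%dT%H:%M:%SZ)"
        echo "source=$src"
        echo "image=$img"
        echo "md5=$(hash_of md5 "$img")"
        echo "sha1=$img_sha1"
    } >> "$log"
}

# verify IMG LOG: re-hash IMG and compare with the values recorded in LOG.
# Returns 0 only if both the MD5 and the SHA1 still match.
verify() {
    img=$1; log=$2
    want_md5=$(sed -n 's/^md5=//p' "$log" | tail -n 1)
    want_sha1=$(sed -n 's/^sha1=//p' "$log" | tail -n 1)
    [ -n "$want_sha1" ] || return 2
    [ "$(hash_of md5 "$img")" = "$want_md5" ] &&
        [ "$(hash_of sha1 "$img")" = "$want_sha1" ]
}

# Demo on constructed data (not a real device).
work=$(mktemp -d)
printf 'constructed sample evidence\n' > "$work/source.bin"
acquire "$work/source.bin" "$work/image.dd" "$work/custody.log" &&
    verify "$work/image.dd" "$work/custody.log" &&
    echo "image verified against recorded hashes"
rm -rf "$work"
```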