Digital Forensic Acquisition

One of the key aspects of conducting digital forensics is the proper collection and authentication of the evidence. If the evidence is not collected properly, there is a very good chance the results of the examination will be questioned. Following digital forensic best practices, we typically conduct our examination on copies of the original evidence, often referred to as “forensic images”. By doing so, the original data is protected from alteration and can be used to verify the authenticity of an analysis.
Some of the popular software tools that can be used to conduct disk imaging are:
1. AccessData Imager
2. LinEn
3. Knoppix
4. Helix
5. DD
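
As an added example (not part of the original article), the script below shows an acquisition with dd, the last tool in the list, together with the hash comparison that authenticates the copy against the original. The function names and file paths are hypothetical, and the demo images a constructed file standing in for an evidence device.

```shell
#!/bin/sh
# Added example: image a source with dd and authenticate the copy by SHA-256.

sha256_of() {
    # Print only the hex digest of a file or block device; fail if it cannot be read.
    h=$(sha256sum "$1") || return 1
    printf '%s\n' "${h%% *}"
}

acquire_image() {
    # Usage: acquire_image SOURCE IMAGE
    # Writes IMAGE, IMAGE.sha256 (recorded hash) and IMAGE.log (dd transfer output).
    src=$1; img=$2
    before=$(sha256_of "$src") || return 2
    # No conv= options: conv=sync would pad a short final block and change the hash.
    dd if="$src" of="$img" bs=65536 2>"$img.log" || return 2
    after=$(sha256_of "$src") || return 2
    img_hash=$(sha256_of "$img") || return 2
    # The source must be unchanged by the acquisition and the image must match it.
    [ "$before" = "$after" ] && [ "$before" = "$img_hash" ] || return 1
    printf '%s\n' "$img_hash" > "$img.sha256"
    chmod a-w "$img" "$img.sha256"   # guard the working copy against accidental writes
}

verify_image() {
    # Usage: verify_image IMAGE
    # Succeeds only if IMAGE still matches the hash recorded at acquisition time.
    now=$(sha256_of "$1") || return 2
    [ "$now" = "$(cat "$1.sha256")" ]
}

demo() {
    # Constructed 1 MiB file standing in for an evidence device (hypothetical paths).
    work=$(mktemp -d) || return 2
    dd if=/dev/urandom of="$work/evidence.bin" bs=1024 count=1024 2>/dev/null
    acquire_image "$work/evidence.bin" "$work/evidence.dd" && verify_image "$work/evidence.dd"
    rc=$?
    rm -rf "$work"
    return $rc
}
```

For a real device, connect it through a write blocker and pass its device node as SOURCE; re-run `verify_image` before and after each examination session to show the working copy has not changed.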
