From the course: CompTIA Advanced Security Practitioner (CASP+) (CAS-004) Cert Prep

Unlock this course with a free trial

Join today to access over 24,200 courses taught by industry experts.

Imaging tools

Imaging tools

- In this lesson, we're going to discuss disk imaging tools that are used to create a forensically sound disk image of a hard drive or other storage device. Now, there are two common software imaging tools that are used by instant responders and forensic analysts. This is the dd utility and the FTK imager, and we're going to discuss both of these in this lesson. Now, when you create a forensically sound disk image, this requires a bit by bit copy of the original drive that's being collected for evidence, including its slack space and unallocated space, since all of those areas of the original drive could contain hidden or deleted files that may serve as evidence in your investigation. You can't simply use the copy command in the Linux Shell or the drag and drop or copy paste options inside of Windows because those are not considered forensically sound and it will cause your evidence to be considered invalid. So it's always important to use a forensically sound software imaging tool or…

Contents