May, 2006

Laptop Imaging Simplified

by Chetan Gupta, NII Consulting

How many times in an investigation does a forensic investigator come across the problem of acquiring data from a suspect’s laptop? The answer to this question would be ‘many times’. Whenever such a situation arises, the investigator is usually in a dilemma as to whether he should open the laptop, take out the hard disk, connect it to IDE-to-USB converter and then perform the duplication or should he try to do it without opening the laptop. The preferrable choice usually is the latter one in which the investigator acquires the suspect disk over the network. Choosing the first option could lead to the laptop/hard disk getting damaged or the warrantly of the laptop being rendered void.

Read the full article »

January, 2006

Disk Imaging Approaches

by Chetan Gupta, NII Consulting

Evidence Collection is the heart and soul of the Forensics process. It becomes even more important if the evidence needs to be produced in a court of law. After the investigator has assessed the situation and determined a response strategy, he would move on to acquire the image of the suspect system. The investigator’s best bet is to have a defined methodology for creating an image in a forensically sound manner. The most difficult part of forensic duplication is having the appropriate cabling and hardware

Read the full article »

Next entries » ·