The Advantages And Disadvantages Of Forensic Imaging
Topics: computer forensics, forensic imaging, disc imaging, computer-based evidence, image verification
The investigation of crimes involving computers is not a simple process. In the vast majority of cases, the assistance of a computer forensic expert is required to extract information for an electronic device without corrupting or contaminating the original data, which could render any evidence recovered inadmissible in a court of law.
The requirement for an auditable approach to the analysis of digital data is set out by the Association of Police Officers (ACPO) guidelines for the handling of computer-based evidence. These guidelines outline rules for every step of the process - from crime scene and seizure protocol through to analysis, storage and reporting - to ensure evidential continuity and integrity.
Because the preservation of evidence in its original state is so vital, computer forensic experts use a process known as forensic disc imaging, or forensic imaging, which involves creating an exact copy of the computer hard drive in question. This is not a case of copying files from one drive to another, rather it is the process of copying the exact state of every piece of data of the drive, so that artefacts such as registry entries - which record information pertaining to activities performed on the computer such as a connection and disconnection of an external storage device - and even apparently ‘deleted’ files are copied exactly to the new image.
Creating a perfect forensic image of a hard drive can be very time consuming and the greater storage capacity of the drive, the greater the time required. The method used to extract the data is also a factor, so with a ‘FireWire’ connection, imaging may occur at a rate of approximately 1 gigabit (GB) per minute, but using specialist hardware, this rate could rise to an average of 4GB per minute. This means that imaging a 1 terabyte (TB) drive, currently available for purchase for less than 80 GBP, would take around five to 18 hours to complete.
However, copying the data is only half of the imaging procedure, the second part of the process is to verify the integrity of the copy and to confirm that it is an exact duplicate of the original. Image verification takes a similar amount of time to imaging, effectively doubling the time taken to complete the imaging process. And if any inconsistencies are located, the process must begin again from scratch, meaning that a failed first attempt at imaging a 1TB drive would mean that the full imaging and verification process could take 20 to 72 hours to complete.
While forensic imaging is a vital process to ensure that evidential continuity and integrity is preserved, the time consuming nature of the process can put investigations under pressure, particularly in cases of kidnap or terrorism where a delay in recovering evidence could have disastrous consequences. And this is a problem that seems unlikely to be solved in the short term, because as new technologies are developed to increase the speed with which a drive can be imaged, so too grows the storage capacity available to the average consumer.
IntaForensics a BS EN ISO 9001:2000 registered firm providing Computer Forensics, Expert Witness, Mobile Phone Forensics, and Forensic Data Recovery to the Legal Sector, Police Forces, Local Authorities and Commercial organisations internationally. Visit www.intaforensics.com.
Previous Articles Highlighter:
Website Design Guidelines For Forms - Preventing Lost Conversions (1)
They should do everything possible to help your customer fill them out, holding their hand and guiding them where necessary, and doing things for them when appropriate. For example, put the cursor in the first form field when users arrive at the page so they don't have to click on it.
Why Business Should Have Disaster Recovery Solution Plans In Place (2)
If the business is a small company just starting up, the best bet is to hire a team of IT experts to make a quick inventory and present the management with their conclusions.
Removing Spyware Problems - Freeware Programs (3)
Then, it spreads the information in the background of some users. It can also gather information about e-mails, credit card numbers and even passwords. A Spyware Doctor is a program of Microsoft Windows that can remove unwanted spywares.
Internet Marketing Success - Laying The Groundwork For Great Landing Pages (4)
Your definition of conversion will seem obvious to you once it is stated, but having it as a clear, stated part of the plan will help guide the website design and your online marketing agency's actions with regards to the page.
Tips On Selecting Securing Payment Gateway Services (5)
Instead, they are more about security and validation. Most payment gateway service providers help ensure that the buyer's information is safe by encryption, validates the data, decrypts it and sends to the merchant account.
How Do I Reduce My Electric Bill For Free? - 4 Practical Tips You Should Start Doing Now (6)
And yes, that mainly includes your TV set and the laptop or personal computer that's always turned on most of the time during the day. The Author is very interested in the technology of alternative forms of electrical production.
Why Electrical Estimating Software Is A Must (7)
Since all new software applications take time to become comfortable with, the company you choose to go with should offer online support as well as training seminars as needed. -- Can it be updated?
How Visitors Experience Landing Page Website Design (8)
Your web page is not going to be useful to every person that clicks on it. This simple fact of life cannot be changed by the best search engine optimization, the most thorough market research or the best web analytics on the globe.
Some Of The Basics Of Rubber Keypad Technology (9)
-- Polycarbonate key tops that can be used with either rubber or mechanical switches; these are essential for use in harsh conditions where normal rubber simply won't hold up. No matter what type of application, there is a rubber keypad technology that will fill the bill.
How To Upgrade Your Computer's Video Card Driver (10)
First, you need to find out what kind of video card you have by right clicking on the My Computer icon, which can be typically found on your desktop or by clicking on start and finding it in the menu.
Newer Articles Highlighter:
See A Little More Clearly With Night Vision Goggles (1)
They add more mobility and flexibility. The Benefits of Night Vision Goggles Perhaps you have already read some of the advantages of using goggles over binoculars or other scopes.
Looking At Digital Photo Recovery (2)
Digital cameras are something that most of us own these days, as they take professional quality photos. Anytime that it appears you have lost your pictures, you can turn to software and professional recovery services to get your pictures backward.
Finding The Best Photo Printer (3)
This is a changing market and models and pricing change quickly. Also be aware that although the printer may seem cheap when you go to purchase you need to also consider the costs of printed ink and paper as you sometimes find certain manufacturers will reduce the price of the printers knowing that they will make it on the printer cartridges and paper moving forward.
Get To Know More About A Night Vision Camera (4)
What are the choices available? Can you create your own device? These and more will be answered right now. What You Get? There are plenty of homes and offices that are using simply because the owners understand the advantages of having one in the area: 1.
Where To Go For Data Recovery (5)
This way, you'll have everything you want just in case something happens that can't be fixed. It isn't difficult to create a backup, and you should always backup your data at least once a week.
A Pen Drive Guide To Beginners (6)
Pen drives are very useful for network administrators for keeping backups of every work. They can easily store configuration information in it and load them when needed to other drives.
How To Extend The Life Of Your Night Vision Monocular (7)
It could be that the lenses are already accumulating dust or there are smudges. Before and after use, make sure that you can get a clean tissue or cloth to wipe any dirt that stick on your monocular.
Different Ways To Connect To Your Printer (8)
Nowadays we have more ways to connect to their printers, which is making it simpler and also cheaper. I say cheaper because when you purchased a printer that needed a serial cable very rarely was actually supplied the product, which meant he would have to fork out about another $20 for this.
Anti-Spyware Kit - Spyware Blocker (9)
Some says it is a virus that annoys Internet users. It actually helps gather information on a particular user and distributes it to others. Spyware can get into the computer upon installing new programs.
Recycling Your Cell Phone (10)
Recycle your mobile phone - you'll feel better about it. Learn more about recycling and going green at www.thegogreenblog where Michelle authors great posts about green living and saving the environment.
Permalink to The Advantages And Disadvantages Of Forensic Imaging