here is something I posted on Forensic Focus recently. It is not an online investigations topic, but one I thought might be of interest to my readers. Comments as aloows are apprceciated.
By Todd G. Shipley and Bryan Door
(A complete copy of this white paper and its figures and diagrams can be found at www.nfdrtc.net).
WHAT WE HAVE BEEN TAUGHT
Imaging of hard drives has been the main stay of the “Science” part of digital forensics for many years. It has been articulated by many, including us, that we “forensically” image a hard drive to get that “Bit for bit” image of the ENTIRE contents of a hard drive. That concept is drilled into digital examiners in every class, vendors have built tools around that concept and the National Institute of Technology and Standards (NIST) has built a whole department (website included) around proving the science of hard drive imaging.
But what if all of this was not correct? What if you testified in court, “I imaged the entire drive and verified the process by producing a hash value that matched…
View original post 3,224 more words