EN, Search Security Resources and Information from TechTarget

What is a forensic image?

<p>A forensic image (forensic copy) is a bit-by-bit, sector-by-sector direct copy of a physical storage device, including all files, folders, and unallocated, free and <a href=”https://www.techtarget.com/whatis/definition/slack-space-file-slack-space”>slack space</a>. Forensic images contain all the files visible to the operating system (OS), as well as deleted files and pieces of files left in the slack and free space.</p>
<div class=”ad-wrapper ad-embedded”>
<div id=”halfpage” class=”ad ad-hp”>
<script>GPT.display(‘halfpage’)</script>
</div>
<div id=”mu-1″ class=”ad ad-mu”>
<script>GPT.display(‘mu-1’)</script>
</div>
</div>
<p>Forensic imaging is one element of computer forensics, which is the application of computer investigation and analysis techniques that forensic examiners use to gather digital evidence for presentation in a court of law.</p>
<p>Not all imaging and <a href=”https://www.techtarget.com/searchdatabackup/definition/backup”>backup</a> software creates forensic images. For example, Windows backup creates image backups that aren’t complete copies of the physical device. Forensic images can be created through specialized forensic tools, such as <a href=”https://www.techtarget.com/searchsecurity/tip/Use-software-forensics-to-uncover-the-identity-of-attackers”>forensic software</a>. Some disk imaging utilities not marketed for forensics also make complete <a href=”https://www.techtarget.com/whatis/definition/disk-image”>disk images</a>.</p>
<section class=”section main-article-chapter” data-menu-title=”Forensic imaging in cybersecurity”>
<h2 class=”section-title”><i class=”icon” data-icon=”1″></i>Forensic imaging in cybersecurity</h2>
<p>In the case of <a href=”https://www.techtarget.com/searchsecurity/definition/cybercrime”>cybercrime</a>, additional evidence might be discovered other than what’s available through an OS. This type of original evidence includes incriminating data that has been deleted to prevent <a href=”https://www.techtarget.com/searchsecurity/definition/electronic-discovery-e-discovery-or-ediscovery”>electronic discovery</a>. Unless the data is deleted securely and overwritten, it’s often recoverable with forensic or <a href=”https://www.techtarget.com/searchdisasterrecovery/definition/data-recovery”&

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from Search Security Resources and Information from TechTarget

Read the original article: