<p>A forensic image (forensic copy) is a bit-by-bit, sector-by-sector direct copy of a physical storage device, including all files, folders, and unallocated, free and <a href=”https://www.techtarget.com/whatis/definition/slack-space-file-slack-space”>slack space</a>. Forensic images contain all the files visible to the operating system (OS), as well as deleted files and pieces of files left in the slack and free space.</p>
<div class=”ad-wrapper ad-embedded”>
<div id=”halfpage” class=”ad ad-hp”>
<script>GPT.display(‘halfpage’)</script>
</div>
<div id=”mu-1″ class=”ad ad-mu”>
<script>GPT.display(‘mu-1’)</script>
</div>
</div>
<p>Forensic imaging is one element of computer forensics, which is the application of computer investigation and analysis techniques that forensic examiners use to gather digital evidence for presentation in a court of law.</p>
<p>Not all imaging and <a href=”https://www.techtarget.com/searchdatabackup/definition/backup”>backup</a> software creates forensic images. For example, Windows backup creates image backups that aren’t complete copies of the physical device. Forensic images can be created through specialized forensic tools, such as <a href=”https://www.techtarget.com/searchsecurity/tip/Use-software-forensics-to-uncover-the-identity-of-attackers”>forensic software</a>. Some disk imaging utilities not marketed for forensics also make complete <a href=”https://www.techtarget.com/whatis/definition/disk-image”>disk images</a>.</p>
<section class=”section main-article-chapter” data-menu-title=”Forensic imaging in cybersecurity”>
<h2 class=”section-title”><i class=”icon” data-icon=”1″></i>Forensic imaging in cybersecurity</h2>
<p>In the case of <a href=”https://www.techtarget.com/searchsecurity/definition/cybercrime”>cybercrime</a>, additional evidence might be discovered other than what’s available through an OS. This type of original evidence includes incriminating data that has been deleted to prevent <a href=”https://www.techtarget.com/searchsecurity/definition/electronic-discovery-e-discovery-or-ediscovery”>electronic discovery</a>. Unless the data is deleted securely and overwritten, it’s often recoverable with forensic or <a href=”https://www.techtarget.com/searchdisasterrecovery/definition/data-recovery”&
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: