homework4_acquisition

Homework4_acquisitio - Now I will have to be quick and since is the victims computer is XP I would have to change the registry to turn off the

Info iconThis preview shows pages 1–2. Sign up to view the full content.

View Full Document Right Arrow Icon
Jose L Ortiz Jr. February 22, 2009 Assignment 4 Data acquisition To recover data from a 10GB hard drive in a short amount of time there are a few options that can take place. First I have two types of methods: static acquisition and live acquisitions, now I wont be using the live acquisition since the hard drive is not encrypted. Second I would have to decide if am going to use a disk to image file, create a disk to disk copy, logical disk to disk, or disk to data file. In this case I would go with the disk to image file since is the most common and is the most flexible. I would also consider the logical acquisition method or sparse method since to just collect the Outlook PST files along with some of the unallocated data using sparse acquisition.
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Background image of page 2
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: Now I will have to be quick and since is the victims computer is XP I would have to change the registry to turn off the write function to USB devices so I wont comprise the data. I will not be the most simplest, straight forward software like ProDiscover or AccessData FTK Imager. Another option and now most forensics investigators can have the access to have a personal portable travel data acquisition equipment like ImageMASSter Solo-3 Forensic Kit, that supports different drives and can take the data and make it into different formats and the transfer data at speeds greater than 3GB/min . which with the 10GB hard drive it should take just a few minutes....
View Full Document

This note was uploaded on 12/09/2009 for the course CS 431,430,48 taught by Professor Scher,statica during the Spring '09 term at NJIT.

Page1 / 2

Homework4_acquisitio - Now I will have to be quick and since is the victims computer is XP I would have to change the registry to turn off the

This preview shows document pages 1 - 2. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online