| <<< Rootkits | Index | Forensic Wipe >>> |
Digital investigators rarely know exactly what information the disks will contain.
A bitstream copy duplicates everything from the source disk, including areas of the disk storage outside of the original file system reach.
Some digital evidence is guaranteed to be lost unless a bitstream copy is made.
Examples of bitstream copy utilities:
UNIX dd
FTK Imager
EnCase
WinHex
| <<< Rootkits | Index | Forensic Wipe >>> |