Linux Today: Linux News On Internet Time.

Window Kit: Investigating Windows Systems With Linux

Nov 20, 2008, 18:03 (0 Talkback[s])
(Other stories by Hans-Peter Merkel, Markus Feilner)

"Before starting any forensic analysis, it is important to create a copy of the storage medium you will be investigating, either as a 1:1 copy or as an image or a collection of images. You can copy the medium as a raw image (with dd) or use a format such as Expert Witness Format (EWF)."

Complete Story

Related Stories: