Digital Forensic SIFTing – Mounting EWF or E01 evidence image files

Digital Forensic SIFTing – Mounting EWF or E01 evidence image files.

Introduction :

Over the past few years, many investigators are realizing that having to convert an image from one format to another is sometimes painful and extremely time consuming and fairly unnecessary at this point. Using a tool such as FTK Imager, seen below, is an example of converting an image from E01 to RAW format that could take hours and take up more storage than is necessary. There are many reasons that an investigator would like to examine the raw image. For me, I usually like to have access to the raw system for file carving, direct examination of the files, and utilization of free/open source tools such as log2timeline.

More read here.

Advertisements

2 Comments

  1. Online computer forensics covers a wide area of data investigation and retrieval. It can involve internet crimes, email abuse and trading of intellectual property, to name a few.

  2. Can I start a blog that has recording of bad customer service?


Sorry, the comment form is closed at this time.

Comments RSS