Forensic Data Acquisition

  • forensics recovery ottawa
  • technology
  • forensic

Data acquisition - acquiring data for forensic analysis

In computer forensics, data acquisition is the process of collecting digital evidence from electronic media: hard drives, solid state drives (SSD), memory cards (SD, CF), mobile devices (iPhone, iPad, Android phones and tablets, Blackberry phones).

Static acquisition

Static acquisition is performed while the media is disconnected from the host (i.e. computer is not running). This method utilizes a use of special forensic tools for sector by sector media cloning. A MD5 or SHA-1 hash is produced for validation of the forensic image.

Live acquisition

Live acquisition is a task of acquiring data while the system is running. It is used more commonly due to data encryption. Most of the time, you have only one chance to create a reliable forensic evidence with data acquisition tools. Live acquisitions are performed from suspect computer that cannot be turned off for static acquisition. In this case, data is collected either remotely over the network or from the local computer while it is still operating. Live acquisitions are dynamic, as sectors are continually being altered by the Operating System.

RAID Server acquisition

Acquiring RAID disks is a task that requires special tools and techniques. Not every tools is able to read a forensically copied RAID image, thus it is important that a proper acquisition tool is used for RAID acquisitions.

Proper forensics acquisitions must be validated with MD5 or SHA-1 hashing functions.

Computer Forensics for businesses and individuals

Copyright © 2004-2023 Data Recovery Ottawa. All rights reserved.
Terms & Conditions | Privacy Policy | Site Map
Data Recovery Ottawa is a Registered Legal Trade Name of Data Recovery Ottawa Inc.