The Hard Drive As A Bit-For-Bit Forensic Image
You are given a PC and you are faced with this scenario: you don’t know the password to the PC which means you can’t login so you can use a forensic tool like FTK IMAGER to capture the hard drive as a bit-for-bit forensic image AND/OR
- The hard drive is either soldiered onto the motherboard (there are some new hard drives like this!) or cannot be removed because the screws are stripped (this has happened to me);
- Even if you figured out the password or got an admin password the PC may have its USB ports blocked via a GPO policy (this is very common in corporations now);
- Even if you can get the GPO policy overridden you may have some concerns about putting it on the network (which is true especially if you are dealing with malware).
So what you can you do? The best solution is to boot the PC up into forensically sound environment that lets you bypass the password aspect; GPO policy; etc and take a bit-for-bit image. One software that has done the job very well for me is Paladin.
The post The Hard Drive As A Bit-For-Bit Forensic Image appeared first on edubrained.