AiOwares
Cloning a disk - Printable Version


Cloning a disk - Bl4ckCyb3rEnigm4 - 11-27-2019

The first step is to create a clone to be sure the information on the original disk remains untouched, so we will use the clone disk for all the forensics operations we will do. To make a clone there are Linux distros made for that operation, like Deft or CAINE (this distro is used by law enforcement). You can also use any Linux distribution, but why rely on a non-specific distro? The two I mentioned are free and have the option to mount a disk as read-only, and most important is the possibility to use them without installing, because they can be run live. Here are the official sites:
Code:
CAINE:
https://www.caine-live.net/

Deft:
http://na.mirror.garr.it/mirrors/deft/

http://na.mirror.garr.it/mirrors/deft/zero/ (This is the updated version of the distro)

Demonstration of the use of guymager:
https://www.youtube.com/watch?v=OzfpSILHuhQ
Why do you need a clone? Simple. You need a clone because that way you can do all the forensics tasks, and if something goes wrong you will not make the evidence invalid for the court. The evidence is useless if you can't use it in court.
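
The cloning step described in the post above, as an added example that is not part of the original post: it images a source with dd and hashes the source before the copy, the image, and the source again afterwards, so three matching digests show the clone is exact and the original stayed untouched. The function names and the `.sha256` notes file are hypothetical; GNU dd, sha256sum and (for real block devices) util-linux blockdev are assumed.

```shell
#!/usr/bin/env bash
# Added example: clone a disk and prove the original was not modified.
# clone_and_verify, sha256_of and the "<image>.sha256" file are hypothetical names.
# Usage: clone_and_verify <source device or file> <image file>

sha256_of() {
    # Print only the hex digest of a file or device.
    sha256sum "$1" | awk '{print $1}'
}

clone_and_verify() {
    local src=$1 img=$2 before copy after

    if [ ! -r "$src" ]; then
        echo "cannot read source: $src" >&2
        return 2
    fi
    if [ -e "$img" ]; then
        # Never overwrite an existing image: it may already be evidence.
        echo "refusing to overwrite: $img" >&2
        return 2
    fi

    # For a real block device, ask the kernel to reject writes (needs root).
    if [ -b "$src" ]; then
        blockdev --setro "$src" || return 2
    fi

    before=$(sha256_of "$src") || return 2
    # dd only reads from if=; the image is the only thing written.
    dd if="$src" of="$img" bs=1M status=none || return 2
    copy=$(sha256_of "$img") || return 2
    after=$(sha256_of "$src") || return 2

    # Keep the three digests next to the image for the case notes.
    printf 'source_before %s\nimage %s\nsource_after %s\n' \
        "$before" "$copy" "$after" > "$img.sha256"

    # Success only if the image is bit-identical and the source is unchanged.
    [ "$before" = "$copy" ] && [ "$before" = "$after" ]
}
```

All later analysis is then done on the image file, and re-hashing it at any point and comparing with the recorded digest shows whether the working copy is still identical to the original.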


RE: Cloning a disk - MaskedUser - 11-28-2019

Absolutely Correct Clone of Disk Untouched as Evidence.