Skip navigation

Static acquisition with an open-source tool

Static acquisition with an open-source tool: Learning Computer Forensics
Static acquisition with an open-source tool: Learning Computer Forensics

Join for an in-depth discussion in this video Static acquisition with an open-source tool, part of Learning Computer Forensics.

Resume Transcript Auto-Scroll
Skill Level Intermediate
1h 57m
Duration
331,604
Views
Show More Show Less

Q: Which operating systems support built-in write blocking?

A: Microsoft introduced the registry concept into its OS with the release of Windows 95. As a result, registry-based write blocking has been available since then. In this course, we tested registry-based write blocking on both Windows 7 and Windows 8.
 
If for whatever reason your OS doesn’t support registry-based write blocking, you can enable software-based write blocking via a forensics software suite such as EnCase. Finally, If all fails, you can always use hardware write blockers.

Q: Are there other ways to access deleted files in the usbimage.001 file?

A:  When opening the usbimage.001 file in Autopsy and trying to recover the deleted file (i.e. dreamCar.jpg), as shown the chapter 5 movie “Searching,” if you don’t see the deleted file in the Data Sources tree, you can still view and extract the deleted file in the Views tree as shown below.
 
faq2.jpg

Skills covered in this course
IT and Hardware IT

Continue Assessment

You started this assessment previously and didn't complete it. You can pick up where you left off, or start over.

Start Your Free Trial Now

Start your free trial now, and begin learning software, business and creative skills—anytime, anywhere—with video instruction from recognized industry experts.

Start Your Free Trial Now