The Hard Drive As A Bit-For-Bit Forensic Image
You are given a PC and you are faced with this scenario: you don’t know the password to the PC which means you can’t login so you can use a forensic tool like FTK IMAGER to capture the hard drive as a bit-for-bit forensic image AND/OR
- The hard drive is either soldiered onto the motherboard (there are some new hard drives like this!) or cannot be removed because the screws are stripped (this has happened to me);
- Even if you figured out the password or got an admin password the PC may have its USB ports blocked via a GPO policy (this is very common in corporations now);
- Even if you can get the GPO policy overridden you may have some concerns about putting it on the network (which is true especially if you are dealing with malware).
So what you can you do? The best solution is to boot the PC up into forensically sound environment that lets you bypass the password aspect; GPO policy; etc and take a bit-for-bit image. One software that has done the job very well for me is Paladin.
attachment
PALADIN-BONUSASS
What Students Are Saying About Us
.......... Customer ID: 12*** | Rating: ⭐⭐⭐⭐⭐"Honestly, I was afraid to send my paper to you, but splendidwritings.com proved they are a trustworthy service. My essay was done in less than a day, and I received a brilliant piece. I didn’t even believe it was my essay at first 🙂 Great job, thank you!"
.......... Customer ID: 14***| Rating: ⭐⭐⭐⭐⭐
"The company has some nice prices and good content. I ordered a term paper here and got a very good one. I'll keep ordering from this website."