Question

^{Task 3: Research Project}

You’re investigating a case involving a 2 GB drive that you need to copy at the scene. Describe the three types of acquisitions – physical, logical, and sparse that you can use to copy the drive accurately. Be sure to include your software and media choices.

Deliverable: Write a 300-500 word report that outlines standard investigation management and data validation methods.

Answer 1

Here in this case or investigation, I need to copy a hard disk of 2GB in order to gather the data present in the hard disk. So, copying of the dard disk can be done in several ways:

Copying the data by transferring the data to the physical system. Using an USB the hard disk can be copied easily. This is actually the traditional mode of copying the data. Moreover, this mode is also very secure as there is no intermediate medium is required to perform the copy operation and even the operation can be done quite faster as compared to other modes of the same operation.

Secondly, the entire copy operation can be performed using the internet. This is actually a logical mode of copying the data where the usage of internet helps in the copy operation. So, what happens is that the data is being uploaded to the investigation department's online drive and then uploading the entire data in it. This mode is basically an alternative of all the approaches because this mode of operation is quite time consuming as well as depends upon the internet bandwidth to upload the data.

Thirdly, the investigator can make use of applications such as TeraCopy, File Fisher etc. These applications are feature rich application. It actually copies the file with very high accuracy and precision. The biggest benefit of these applications is that you can pause the copy operation at any point and from that point you van even resume the operation.