Homework‐ Forensic Images Research Questions - tylerguybern/Tylerguybern GitHub Wiki

Question-1: What is a digital forensic image?

To break this down I want to start by giving a brief understanding of what forensic science is; forensic science is a the idea of using the scientific method and applying it to criminal cases. Forensic science is a makeup of many things but some examples are fingerprint scans, ballistics, crime scene sketches, etc. Digital forensics is a section within forensic science that helps identify the reporting of digital inconsistencies. An example of digital forensics would be an examiner making a case against an unidentified user trying to hack into a system to steal its information or data.

Question-2: What is "proprietary forensic image format" and what is "raw forensic image format"?

Proprietary forensic image format is a helpful tool that allows for certain types of software that can read and identify data. The proprietary format is designed so that there is only a specific type of software that can be able to read this data, no other software system will be able to work. The example the article gives is 'if a company in a few years were toi disappear and no one had access to the software used then the data would be locked forever." (https://www.sciencedirect.com/topics/computer-science/proprietary-format#:~:text=A%20proprietary%20format%20relies%20on,that%20format%20and%20lost%20forever.) Raw forensic image format is a way for photographers to contain certain amounts of images through the original data. This format is generated so that every detail is actually the same as the original photograph taken. Best way to look at it is that its the exact replica to the original copy. Nothing has been altered, and it is the physical data of the photographed image.

Question-3: What is a write-blocker and how is it used during imaging a hard disk?

A write blocked is a unique tool used with helping to prevent from unknown users from gaining access to certain data. It allows for read only access that helps with the users from compromising the information being presented. It also is helpful with making sure that the drive cannot be obtained by the user when this mode is activated. It is used during imaging a hard disk by investigators so that when they are being examined it prevents any data from the disk to the user that is viewing the data from allows a data write to occur. It almost acts as a middle man so that certain information cannot be obtained.