Forensics and Law Enforcement
From Just Solve the File Format Problem
(Difference between revisions)
Dan Tobias (Talk | contribs) |
Dan Tobias (Talk | contribs) |
||
| Line 12: | Line 12: | ||
See also [[Law]] | See also [[Law]] | ||
| + | |||
| + | == Links == | ||
| + | * [https://archive.org/details/ShmooCon2014_You_Dont_Have_the_Evidence ShmooCon 2014 - You Don't Have the Evidence (January 2014) (video)] | ||
Revision as of 22:32, 8 February 2014
In the course of investigations, detectives sometimes need to preserve digital information. These are formats used in this process. See also Disk Image Formats. In contrast to those raw disk images, forensic formats also store various metadata as well as hash tables to track the origin of data and ensure it is not altered after the fact.
- Advanced Forensics Format (AFF)
- Digital Evidence Bag (DEB)
- EnCase hash map (Expert Witness)
See also Law
