Forensic image
A question our forensic IT experts are often asked is, "What is a forensic image?" Put simply, a forensic image is a copy of unaltered electronic information. An image file can contain a single file or an entire hard drive. Obtaining a forensic image is a crucial first step in any digital forensic investigation, and if it is not done properly, your evidence may be deemed inadmissible. Choosing an expert third party to create the forensic image not only ensures that proper procedures and protocols are followed, but can also help you avoid accusations of evidence tampering or spoliation.

What Type of Forensic Image Should You Choose?

There are three main methods of forensic imaging: physical, logical, and targeted. The benefits and disadvantages of each depend on the particulars of your case.

  • Physical – A physical image of a hard drive captures all the ones and zeroes contained on the drive. It also captures the deleted space on the drive (even if it has been recently formatted), deleted files and file fragments. Therefore, a physical image of a 500 GB drive will yield an image file of 500 GB. This is the most thorough type of forensic image. It is useful for cases where you suspect evidence has been deleted or tampered with and where metadata is an important factor.
  • Logical – A logical image of a hard drive captures all “active” data. Typically, deleted files, space and file fragments will not be captured. So if a logical image is made of a 500 GB drive, but only 50 GB contains active files, the resulting image will be 50 GB. This is perfect for cases where you are concerned only with the information contained on the drive.
  • Targeted – Sometimes you know the exact set of files or documents you need for your case. Those files can then be selectively copied to an image file in what is referred to as a targeted collection. This can greatly decrease costs and labor as you have a much smaller data set to work with from the beginning.
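To make the difference between the three methods concrete, the following added example (not code from the original page) models a constructed 128-byte toy drive on which one file has been deleted, then takes a physical, a logical and a targeted image of it. The toy file table, file names and file contents are assumptions made for illustration, and the SHA-256 comparison of image against source is an addition the page itself does not describe.

```python
import hashlib

SECTOR = 16  # constructed toy sector size, in bytes

def build_toy_disk():
    """Constructed 8-sector 'drive' plus a toy file table (not a real filesystem)."""
    disk = bytearray(8 * SECTOR)
    table = {}
    files = [("report.txt", b"Q3 figures: 1200"), ("notes.txt", b"call Bob at noon"),
             ("secret.txt", b"wire to acct 991")]
    for i, (name, data) in enumerate(files):
        off = i * SECTOR
        disk[off:off + len(data)] = data
        table[name] = {"offset": off, "length": len(data), "active": True}
    # Simplified deletion: the entry is marked inactive, the bytes stay on the drive.
    table["secret.txt"]["active"] = False
    return bytes(disk), table

def physical_image(disk):
    """Every byte of the drive, allocated or not, plus a digest for later comparison."""
    image = bytes(disk)
    return image, hashlib.sha256(image).hexdigest()

def logical_image(disk, table):
    """Only the files the table still lists as active."""
    return {n: disk[e["offset"]:e["offset"] + e["length"]]
            for n, e in table.items() if e["active"]}

def targeted_image(disk, table, wanted):
    """Only the named active files."""
    return {n: d for n, d in logical_image(disk, table).items() if n in wanted}

def summarize():
    disk, table = build_toy_disk()
    phys, digest = physical_image(disk)
    logical = logical_image(disk, table)
    targeted = targeted_image(disk, table, {"report.txt"})
    return {
        "physical_bytes": len(phys),
        "logical_bytes": sum(len(d) for d in logical.values()),
        "targeted_bytes": sum(len(d) for d in targeted.values()),
        "deleted_in_physical": b"wire to acct 991" in phys,
        "deleted_in_logical": any(b"wire to acct" in d for d in logical.values()),
        "physical_matches_source": digest == hashlib.sha256(disk).hexdigest(),
    }

if __name__ == "__main__":
    for key, value in summarize().items():
        print(f"{key}: {value}")
```

The physical image is the full size of the toy drive and still contains the deleted file's bytes, while the logical and targeted images are smaller and do not.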

