Manualshelf

User Manual

ManualsBrandsO&O ManualsComputers & TabletsO&O - DiskImage 15 Professional (1 User/Device) - Windows [Digital]
31323334353637383940
User's guide O&O DiskImage Select imaging method
Direct forensic
Note:
Please note that direct forensic imaging of an active operating system is only possible if our
snapshot driver is installed. It will otherwise not be possible to create a consistent image.
Direct forensic imaging is a special case. The difference, however, lies in data being read over deep
system interfaces. As with regular forensic imaging, a complete copy of a source drive will be
created. This makes it possible to, among other things, image an encrypted hard disk using
encryption software.
Please note that direct forensic imaging is intended for imaging encrypted disks using encrypted
data. This data remains encrypted even after the image is restored. If the source drive being used is
an encrypted drive, only sector-based restoration is possible. The file-based restoration or browsing
of such an image is not possible. In addition, spanned volumes (stripped/spanned) are also excluded
from this, since the logical link here between the regions is taken over by the operating system.
Direct forensic imaging makes no sense if the drives are not encrypted. Here we recommend
forensic imaging because all sectors of the drive, including the sectors marked as free, will be
included in the image.
37 / 235