I was recently asked to provide an evidentiary hard drive backup for a law firm. At first, I agreed without hesitation but then I began to worry. I was simply going to use a program like Arconis True Image to plug in the drive to my rig and do a drive to drive copy. However, I began to wonder if this would truly provide a "forensic" copy of the drive given that by plugging it in to my computer I would be accessing the drive, however slightly. Is there a true blue forensic method or is a simple disc clone/image the same? Does anyone have a recommendation for a good all-around solution for this kind of operation? Thanks and Happy Holidays!

First read this to gain a better understanding of what the lawyer meant by Forensic Imaging - the technical term for "evidentiary hard drive backup." Next google for Forensic imaging software or Forensics-based imaging systems and opt for only those that are certified by the law enforcements to be Court admissible. Lastly the difference between disc cloning (as provided by Arconis) and forensic imaging is that for the latter the entire drive contents are imaged to a file and checksum values are calculated to verify the integrity (in court cases) of the image file, whereas the former is typically used to replicate the contents of the hard drive for use in another system. i_Xp/VistaUser

Just out of curiosity (since I have NO clue), wouldn't the Firm need to have Law Enforcement collect the evidence using a Warrant? Or, is just requesting it enough? Life's more painless for the brainless.

I had the same questions and more. When the law firm's client contacted me, the client was still using the computer and nobody had collected anything. The lawyer himself did not use the term forensic or evidentiary, rather I gathered that this is probably what they are looking for given the request. The "chain of custody" (note my limited CSI-watching understanding of such things) is seemingly unimportant in this particular case. Thanks for the help!