Forensicopy is designed to copy evidence files from one location to another while maintaining the original timestamps (MAC times). It also creates a hash of all the files before and after the copy process and verifies that each file has been copied accurately. An extensive log file is generated during the copy process in order to maintain the chain of custody.
Please note: Forensicopy is designed to copy evidence files. It's not a substitute for a forensic image. If possible, you should always create a full forensic drive image. Only in situations where it's not possible to create a forensic image is it recommended to make a forensic copy with a tool like Forensicopy.
First, we copy a file from one location to another in the ordinary way. During an ordinary copy the timestamp changes, as you will see below. When copying a forensic file, the timestamp should remain the same. To achieve this, we use the Forensicopy tool.
In Forensicopy, browse to the file that is to be copied in the source directory. Then browse to the folder where the file will be copied and click on Start.
It will show a message when the copy is complete and ask for the log file to be exported.
Now look at the properties of the copied file. Its timestamp remains the same.
After the log file has been created, open it; it shows the timestamps of the copy start and copy finish, and the source and destination of all the files in that folder. The timestamp will remain the same.
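
The workflow described above (hash before, copy, hash after, keep the timestamps, write a log entry) can be sketched in a few lines of Python. This is an added example, not Forensicopy's own code: the function names, the JSON log format and the choice of SHA-256 are assumptions, and `os.utime` restores only the accessed and modified times, not the creation time.

```python
import hashlib, json, os, shutil, tempfile
from datetime import datetime, timezone

def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large evidence files do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verified_copy(src, dst_dir, log_path):
    """Copy src into dst_dir, keep its timestamps, verify by hash, log the result."""
    st = os.stat(src)  # capture times before reading, since a read may update atime
    dst = os.path.join(dst_dir, os.path.basename(src))
    if os.path.exists(dst):
        raise FileExistsError(f"refusing to overwrite {dst}")
    started = datetime.now(timezone.utc).isoformat()
    src_hash = sha256_of(src)
    shutil.copyfile(src, dst)  # content only; times are set explicitly below
    dst_hash = sha256_of(dst)
    # Restore accessed/modified times last, after every read of the copy.
    os.utime(dst, ns=(st.st_atime_ns, st.st_mtime_ns))
    record = {
        "start": started,
        "finish": datetime.now(timezone.utc).isoformat(),
        "source": os.path.abspath(src),
        "destination": os.path.abspath(dst),
        "source_mtime_ns": st.st_mtime_ns,
        "sha256_source": src_hash,
        "sha256_destination": dst_hash,
        "verified": src_hash == dst_hash,
    }
    with open(log_path, "a", encoding="utf-8") as log:
        log.write(json.dumps(record) + "\n")  # one JSON line per copied file
    return record

if __name__ == "__main__":
    # Constructed sample: a small file with a back-dated modified time.
    with tempfile.TemporaryDirectory() as work:
        src = os.path.join(work, "evidence.txt")
        out = os.path.join(work, "out")
        os.mkdir(out)
        with open(src, "w") as f:
            f.write("constructed sample evidence\n")
        os.utime(src, ns=(1_500_000_000 * 10**9, 1_500_000_000 * 10**9))
        print(verified_copy(src, out, os.path.join(work, "copy.log")))
```

A hash mismatch is recorded as `"verified": false` in the log rather than raised, so the log still documents a failed copy.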