A Beginner’s Guide to do the Forensic Image — Logicube Forensic Falcon

  • What is Forensic Image ?
  • What is Logicube Forensic Falcon?
  • Basic preparation for image.
  • Start to image !

What is Forensic Image?

What is Logicube Forensic Falcon?

  • Imaging and verifying to multiple image formats. Such as native or mirror copy, dd image, e01, ex01 (e01 and ex01 with compression) and file-based copy.
  • Supporting SHA1, SHA256 or MD5 and dual-hash (MD5+SHA-1) authentication.
  • Supporting EXT4 or NTFS destination file format.
  • Multiple imaging ports.
  • Multiple imaging ports.Image Restore.
  • Encryption

Basic preparation for image.

Photo 1 _ photo by Kenny Wu
Photo 2 _ photo by Kenny Wu

Start to image !

Photo 3_ photo by Kenny Wu

A. Select mode.

Photo 4_ photo by Kenny Wu

B. Select the source of drive/file.

Photo 5_ photo by Kenny Wu

C. Fill out the contents of settings .

  • In Case information, you can fill in what you want. For example, if we received the project named TAIPEI 101, then we can named it as TA101. Then we will set Case/File Name and Case ID as TA101, and set Evidence ID as TA101A.(It’s up to examiner~!!)
  • In “Clone method”, “HPA/DCO/TRIM”, “Error handling” and “Hash/Verification” settings, all of them should use the method what the project need.
Photo 6_ photo by Kenny Wu
References: Disk Image Content Model and Metadata Analysis, Harvard Library(2016)

D. Select the destination of drive/file.

Password and Encryption Settings

Photo 7_ photo by Kenny Wu




Digital Forensic Engineer ; Wine tasting

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Call Center Software Convoque is Capable for work from home in Covid.

Where to Find The Realistic App Development Cost | Code Brew Labs

Skynet and Domain Names

Long Term Mobile App Strategy — The Development Approach

Enable Azure SQL Server vulnerability assessment using Terraform

How to deal with a cyclic foreign key constraint using PostgreSQL?

Data Vault’s XTS pattern on Snowflake

How to change the name of the existing VM name, OSdisk name, and network interface name.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Falcon K

Falcon K

Digital Forensic Engineer ; Wine tasting

More from Medium

Without the Aid of Intermediate Ideas

Dealing with scars from the past.

I got to visit Mumbai’s iconic Restricted location:

Cloning of Vedix.com Website: