Digital Forensic ~ Organizing Your Analysis

Organizing the evidence is very important, you don’t want the evidence to be mixed with other files right? That would be a big problem because the data or the metadata of the evidence will be changed. And, guess what? That will make the evidence become useless because it won’t be considered a valid evidence.

We need to make a special directory to place all evidence of a case.

# mkdir evidence

And then, because forensic analysis is mostly dealing with the image of a disk like this http://www.linuxleo.com/Files/practical.floppy.dd we must create a mount point directory to mount the image.

# mkdir /mnt/analysis

I know this is very simple, but believe me this, organized files will help you a lot performing the analysis better and faster.