Device Imaging

The general accepted Rules of Evidence in a court proceeding requires that the evidence remain unaltered from the time it was seized and properly secured until that item or items are introduced into any court of law. The basic principles and goals of seizing digital evidence, let it be fixed disks or removable media, is to acquire an exact duplicate copy of that device. This is achieved by using a variety of specialized hardware and software tools that are tested and validated before each use with the concept of preserving the evidence and not altering it. In the imaging process, one must display redundant practices by hashing the original device that is being imaged, creating a hash of that image, and hashing the original device again in order to validate that nothing has been altered/changed during the process. Hashing a piece if digital media is like someone’s latent fingerprint but in the form of a digital signature. Each hash has its own identity. In digital forensics, the most commonly used hashes are MD5 (Message-Digest Algorithm), SHA1 (Secure Hash Algorithm 1) and SH256.

This is for the client that doesn’t want to draw attention to workplace, business or home but needs a piece of digital media imaged. It’s easy, contact us at Tec Inquiries and one of our staff members will provide you with step by step instructions on how send us your digital device or devices that follow Chain of Custody (COC) protocols.