Preliminary acquisition information gathering on computer data storage: open source software (OSS) vs. FIRST DiskImager

A proper preliminary acquisition information gathering on computer data storage device plays a very important role in the early computer forensics stages. The results from this process will help investigators to obtain precise specific information on device geometry, hidden partition metadata, unknown file systems and ambient data sectors. Commonly, computer forensics investigator will be using open source software (OSS) such as DD, FDISK, DISKTYPE and SLEUTHKITS to capture this tedious process. However, commanding these tools is quite heavy for most forensic investigators. Poor result documentations, confusing analysis and not user friendly are some of weakness to be prompted. Such factors may give an impact in producing concrete evidences if were not handled carefully. This paper will be discussing the experiment results performed the FIRST DiskImager and the adopted OSS tools when conducting preliminary acquisition information gathering. The experiment is tested using 2 simple approaches of data storage device detection and offset identification.