This can be attributed to the fact that it allows for faster acquisition of data, as well as it eliminates common errors of transcription by ensuring correctness and meaningfulness of the acquisition method to be used. It’s also necessary to validate data acquisition since this guarantees accuracy and consistency of the data to be acquired as described by Chu et al. (2011).
Failure to validate data acquisition not only makes data acquisition slow, but also increases the chances of data modification. Therefore, it makes it somewhat hard for the data to be verified or be admissible in a court of law, for instance. Essentially, there are several validation techniques in data acquisition, such as MD5, CRC-32, SHA-1, and SHA-512, which can be used in operating systems without built-in hashing algorithm tools designed for computer forensics (Chu et al., …show more content…
For example, when live acquisition technique is used, procedures that comprise of documenting all steps recommended for the technique applied, followed by imaging of the target evidence using a selected tool as long as the tool has full access to the system (Dykstra & Sherman, 2012). If the imaging software or tool cannot access the system, then decryption ought to be undertaken using the most appropriate decryption technique in order to remove cryptographic keys without modifying the data. A good example of a tool that can be used in acquisition for Linux data acquisitions is the Idetect, a tool that attempts to extract detailed information about active processes in a target storage system. Another forensic data acquisition tool is the Windows Memory Forensic Toolkit (WMFT), which allows for the analysis and acquisition of image files running Windows XP and Windows 2003 (Guo, Jin & Shang,