Friday, June 5, 2015

Forensic Imaging and their Formats - The Advanced Forensic Format (AFF)

Forensics imaging is the process of making an exact copy of a hard drive and or some other type of media. During the process, every 0 and 1 on the original disk/media is copied to the target disk/media. Prior to performing imaging, the destination drive must be zeroed or blanked (, 2009). 

The Advanced Forensic Format (AFF) is an open source flexible and extensive image format which allows for metadata to be stored with images. It also consumes less space than images in other formats since it utilizes compression. (Garfinkel, Malan, Dubec, Stevens, & Pham).

The image below shows an image being acquired with the AFF extension using GUYMAGER.

