Forensicopy is designed to copy evidence files from one location to another while maintaining the original timestamps (MAC Times). It also creates a hash of all the files before and after the copy process and verifies that the file has been copied accurately. A extensive logfile is generated during the copy process in order to maintain the chain of custody.
Forensicopy is designed to copy evidence files. It’s not a substitute for a forensic image. If possible you should always create a full forensic drive image. Only in situations where it’s not possible to create a forensic image it’s recommended to make a forensic copy with a tool like Forensicopy.
First of all we are copying a file from one location to another, while copying the timestamp will change.
As you will see below.
So copying forensic file, the timestamp should remain the same. To do so we are using Forensicopy tool.
In Forensicopy tool, browse the file which is to be copied in source directory.
Browse the path for folder where file will be copied and click on start.
It will show the message for copy completion and ask for log file to be exported
Now we will see the properties of the copied file. Its timestamp will remain the same.
After log file creation, we will open the log file; it will show us the timestamp of start copy, finish copy, source, and destination of all the Files in that folder. The timestamp will remain the same.
Author: Mukul Mohan is a Microsoft Certified System Engineer in Security and Messaging .He is a Microsoft Certified Technology Specialist with high level of expertise in handling server side operations based on windows platform. An experienced IT Technical Trainer with over 20 years’ Experience. You can contact him at [email protected]