PING (Partimage is Not Ghost) is a Linux-based LiveCD for backing up your system by making an image of the hard drive (or smaller partitions, if you have them). In other words, you boot a simplified version of Linux (it doesn’t matter what operating system you normally use on the computer–just pop the CD in the drive and turn the computer on) from the CD drive. It allows you to make an exact copy of any drive or partition on the computer without booting up the operating system on the computer (which can alter the data). It just copies everything to a file that you can store anywhere and that should adequately preserve electronic evidence on a small scale.
Most importantly, it is easy enough to use that you should be able to burn a copy to CD and send it home with your client (with an external hard drive for the image file) so that they can make the hard drive image themselves, which keeps you out of the chain of evidence. (Don’t make this decision without carefully considering the issues and the disadvantages of doing it yourself.)
PING is also a fantastic backup tool. Unlike a regular backup, PING makes a copy of the drive. If you just back up your files and your computer dies, you have to re-install Windows, update it, install all your software, and then restore your files once you are back up and running. With PING, just restore the image to the new hard drive, re-activate Windows, and go. You’ll save hours (or days) of recovery time.
[photo: Chance Agrella]