This area should be copied also, it may contain hidden data.
Few tools support reading HPA.
we can use the hdparm tool to temporarily access it (a reboot will restore the HPA).
hdparm
as a precautionary measure, we should make the first forensic copy with HPA in place.
The removal of the DCO is permanent, so as a precautionary measure, we should make the first forensic copy with DCO in place.
Few tools support reading DCO areas.
Last updated 2 years ago