Which command-line utility can create a forensic image of a hard disk with write protection?


DD is a powerful command-line utility commonly used in forensic investigations to create byte-for-byte copies of data from storage devices, such as hard disks. One of its key features is that it operates at a low level, meaning it accesses the disk directly and can create a complete image, including unallocated space, partition tables, and file system structures.

In forensic contexts, ensuring the integrity and originality of evidence is paramount. DD can create images with write protection, meaning it can read data from a source disk without altering it, thus preserving the original evidence for further analysis. This capability is crucial in investigations where maintaining the authenticity of the data is required to uphold its evidentiary value in legal proceedings.

The other options, COPY, XCOPY, and MOVE, are general file management commands that do not possess the specialized functionality needed for creating disk images in a forensic context. They typically work at the file level rather than the block level and do not implement the write protection measures necessary to safeguard the integrity of the source data during the imaging process.
