Main problem is that you do not use correct "critical error management" system. Solution is: 1. in case of bad sector you must know what sector is bad (to log bad sectors) 2. as a result of bad sector reading is not predicable, you should not use this sector in forensic examination 3. content of bad sector you should replace by defined "masking" characters (eg. "*", NULL, etc.)
If you will have this implemented, all will be foresically correct including hash values Regards Marian Svetlik Head of Computer Forensic Institute Risk Analysis Consultants [EMAIL PROTECTED]
