Farheen's activity of using the DD tool to create a sector-by-sector mirror image of the original disk is

an example of system preservation. This process is crucial in digital forensics for creating an exact

copy of a storage device to ensure that the original data remains unchanged during the investigation.

By making a forensic duplication, or image, of the disk, Farheen ensures that the static data on the

disk is preserved in its current state for thorough analysis, without altering the original evidence. This

step allows investigators to work with a precise replica of the data, protecting the integrity of the

original evidence.

Reference:The Incident Handler (ECIH v3) certification materials discuss various methods and tools

for data acquisition and preservation, highlighting the importance of system preservation in the

initial stages of forensic analysis.