Running FTK Imager from a Thumb drive or CD
At times you may be required to image a system that cannot be powered down for
the acquisition. This might be a server running vital applications or a workstation
from which you need certain files for preliminary investigation. You can run FTK
Imager from a thumb drive or a CD to create a disk image or to image certain
folders of a live system.
You can do this by either copying certain files from the installation of FTK Imager on
your computer, or by downloading FTK Imager Lite.
NOTE: It is possible to image a live system, but please use this option with caution. A
live system is constantly changing and the image you acquire will not be replicable.
FTK Imager will write to the system RAM and perhaps the hard drive page file during
the imaging process. In some cases this may keep evidence from being admissible in
court. Be aware of the risks of imaging a live system and make the decision carefully.
Using files from a previous installation of FTK Imager
If you already have FTK Imager installed on your computer you can copy certain files
from that installation to a thumb drive or burn them to a CD. The files are found at:
C:\Program Files\AccessData\AccessData FTK Imager
From this folder, copy the following files to your thumb drive or CD:
libxml2.dll (for any version of Imager higher than 2.4)
There are two dll's that are not required to run FTK Imager; however you will need
them for the LogiCube support.
Once you have copied the files you need, take the thumb drive or CD to the system
you need to image and run the FTK Imager.exe file to launch the program.
Using FTK Imager Lite
We also have a new installation of FTK Imager available on our website called FTK
Imager Lite. FTK Imager Lite contains the minimum files necessary to run FTK
Imager without installing it on your computer. Simply download the self-executable
file and unzip it to your thumb drive or the CD you are burning. Bring the thumb
drive or CD to the system you need to image and run the FTK Imager.exe file to
launch the program.
'Security > DigitalForensics' 카테고리의 다른 글
|Guide to Integrating Forensic Techniques into Incident Response (0)||2016.08.08|
|Guidelines for Evidence Collection and Archiving, rfc3227 (0)||2016.08.03|
|Running FTK Imager from a Thumb drive or CD (0)||2016.07.23|
|Registry Quick Find Chart, pdf (0)||2016.06.02|
|[Windows Forensic] FAT: General Overview of On-Disk Format (0)||2016.05.08|