Running FTK Imager from a Thumb Drive or CD
At times you may be required to image a system that cannot be powered down for
the acquisition. This might be a server running vital applications or a workstation
from which you need certain files for preliminary investigation. You can run FTK
Imager from a thumb drive or a CD to create a disk image or to image certain
folders of a live system.
You can do this by either copying certain files from the installation of FTK Imager on
your computer, or by downloading FTK Imager Lite.
NOTE: It is possible to image a live system, but please use this option with caution. A
live system is constantly changing and the image you acquire will not be replicable.
FTK Imager will write to the system RAM and perhaps the hard drive page file during
the imaging process. In some cases this may keep evidence from being admissible in
court. Be aware of the risks of imaging a live system and make the decision carefully.
Using files from a previous installation of FTK Imager
If you already have FTK Imager installed on your computer you can copy certain files
from that installation to a thumb drive or burn them to a CD. The files are found at:
C:\Program Files\AccessData\AccessData FTK Imager
From this folder, copy the following files to your thumb drive or CD:
FTK Imager.exe
cximage.dll
IsoBuster.dll
libxml2.dll (for any version of Imager higher than 2.4)
The following two DLLs are not required to run FTK Imager; however, you will need
them for LogiCube support.
msvcr71.dll
MD5Remote.dll
Once you have copied the files you need, take the thumb drive or CD to the system
you need to image and run the FTK Imager.exe file to launch the program.
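The copy step above can be scripted. The PowerShell below is an added example, not part of the AccessData document: it copies the listed files, stops if one of the three core files is missing, and writes a SHA-256 manifest so the examiner can record exactly which binaries were run on the live system. The destination E:\FTKImager, the manifest.csv file name and the hash manifest itself are assumptions made for this example.

```powershell
# Added example: build a portable FTK Imager kit and record file hashes.
# $Destination (E:\FTKImager) and manifest.csv are assumptions, not from the techdoc.
param(
    [string]$Source      = 'C:\Program Files\AccessData\AccessData FTK Imager',
    [string]$Destination = 'E:\FTKImager'
)

$required = 'FTK Imager.exe', 'cximage.dll', 'IsoBuster.dll'
# libxml2.dll applies only to Imager versions higher than 2.4;
# msvcr71.dll and MD5Remote.dll are needed only for LogiCube support.
$optional = 'libxml2.dll', 'msvcr71.dll', 'MD5Remote.dll'

# Stop before copying anything if a required file is absent.
$missing = $required | Where-Object { -not (Test-Path -LiteralPath (Join-Path $Source $_)) }
if ($missing) { throw "Missing required file(s) in ${Source}: $($missing -join ', ')" }

New-Item -ItemType Directory -Path $Destination -Force | Out-Null

$manifest = foreach ($name in @($required + $optional)) {
    $src = Join-Path $Source $name
    if (-not (Test-Path -LiteralPath $src)) {
        Write-Warning "Optional file not found, skipped: $name"
        continue
    }
    Copy-Item -LiteralPath $src -Destination $Destination -Force
    $copy = Join-Path $Destination $name

    # Confirm the copy on the removable media matches the installed file.
    $srcHash  = (Get-FileHash -LiteralPath $src  -Algorithm SHA256).Hash
    $copyHash = (Get-FileHash -LiteralPath $copy -Algorithm SHA256).Hash
    if ($srcHash -ne $copyHash) { throw "Hash mismatch after copy: $name" }

    [pscustomobject]@{ File = $name; SHA256 = $copyHash }
}

# Keep the manifest with the kit and a second copy in the case notes.
$manifest | Export-Csv -LiteralPath (Join-Path $Destination 'manifest.csv') -NoTypeInformation
$manifest | Format-Table -AutoSize
```

Run the script on the examiner workstation, not on the system being imaged, so that the only activity on the live system is launching FTK Imager.exe from the prepared media.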
Using FTK Imager Lite
We also have a new installation of FTK Imager available on our website called FTK
Imager Lite. FTK Imager Lite contains the minimum files necessary to run FTK
Imager without installing it on your computer. Simply download the self-executable
file and unzip it to your thumb drive or the CD you are burning. Bring the thumb
drive or CD to the system you need to image and run the FTK Imager.exe file to
launch the program.
techdoc.Running_FTK_Imager_from_a_thumb_drive_or_CD.en_us.pdf