Running FTK Imager from a Thumb drive or CD At times you may be required to image a system that cannot be powered down for the acquisition. This might be a server running vital applications or a workstation from which you need certain files for preliminary investigation. You can run FTK Imager from a thumb drive or a CD to create a disk image or to image certain folders of a live system. You can..

Registry Quick Find Chart 목차 common locations in the Windows and Windows Internet-related registries where you can find data of forensic interest. • NTUSER.DAT Information on page 2 • SAM Information on page 19 • SECURITY Information on page 21 • SOFTWARE Information on page 21 • SYSTEM Information on page 28 직접 다운받기

USBDeview USB 정보를 분석할 수 있는 도구 http://www.nirsoft.net/utils/usb_devices_view.html 다운로드하기 페이지 하단부분에서 Download 링크 클릭 직접다운로드

Hardware White Paper FAT: General Overview of On-Disk Format Contents Notational Conventions in this Document.................... 6 General Comments (Applicable to FAT File System All Types)......................................... 6 Boot Sector and BPB ................................................... 6 FAT Data Structure .................................................... 12 FAT Type Determ..

Mitec Windows Registry Recovery Portable http://www.mitec.cz/wrr.html 실행화면 직접다운로드

HxD Hex Editor and Disk Editor http://mh-nexus.de/en/hxd/ 다운로드 페이지 하단 쯤에 있는 Download page링크 클릭 http://mh-nexus.de/en/downloads.php?product=HxD 직접 다운로드 HxD Hex Editor 설치하기 http://codedragon.tistory.com/2688