달력

12

« 2019/12 »

  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  •  
  •  
  •  
  •  

   

   

Running FTK Imager from a Thumb drive or CD

At times you may be required to image a system that cannot be powered down for

the acquisition. This might be a server running vital applications or a workstation

from which you need certain files for preliminary investigation. You can run FTK

Imager from a thumb drive or a CD to create a disk image or to image certain

folders of a live system.

You can do this by either copying certain files from the installation of FTK Imager on

your computer, or by downloading FTK Imager Lite.

   

NOTE: It is possible to image a live system, but please use this option with caution. A

live system is constantly changing and the image you acquire will not be replicable.

FTK Imager will write to the system RAM and perhaps the hard drive page file during

the imaging process. In some cases this may keep evidence from being admissible in

court. Be aware of the risks of imaging a live system and make the decision carefully.

   

Using files from a previous installation of FTK Imager

   

If you already have FTK Imager installed on your computer you can copy certain files

from that installation to a thumb drive or burn them to a CD. The files are found at:

C:\Program Files\AccessData\AccessData FTK Imager

   

From this folder, copy the following files to your thumb drive or CD:

   

FTK Imager.exe

cximage.dll

IsoBuster.dll

libxml2.dll (for any version of Imager higher than 2.4)

   

There are two dll's that are not required to run FTK Imager; however you will need

them for the LogiCube support.

   

msvcr71.dll

MD5Remote.dll

   

Once you have copied the files you need, take the thumb drive or CD to the system

you need to image and run the FTK Imager.exe file to launch the program.

   

Using FTK Imager Lite

We also have a new installation of FTK Imager available on our website called FTK

Imager Lite. FTK Imager Lite contains the minimum files necessary to run FTK

Imager without installing it on your computer. Simply download the self-executable

file and unzip it to your thumb drive or the CD you are burning. Bring the thumb

drive or CD to the system you need to image and run the FTK Imager.exe file to

launch the program.

   

   

   

   

   

techdoc.Running_FTK_Imager_from_a_thumb_drive_or_CD.en_us.pdf


 

Posted by codedragon codedragon

댓글을 달아 주세요

   

   

   

   

   

   

   

   

   

   

   

'Security > DigitalForensics' 카테고리의 다른 글

Regshot 2.0.1.xx unicode  (0) 2015.01.01
Regshot-레지스트리 분석 도구  (0) 2014.12.31
FTK Imager 설치  (0) 2014.12.30
FTK Imager-Forensic ToolKit  (0) 2014.12.29
Volume Shadow Copy 클라이언트 프로그램  (0) 2014.12.28
rhdtool-실행하기  (0) 2014.12.26
Posted by codedragon codedragon

댓글을 달아 주세요

   

FTK Imager-Forensic ToolKit

http://accessdata.com/product-download

   

FTK Imager

   

녹색 버튼 클릭

   

녹색 버튼 클릭

   

   

 

   

받은 메일을 통해 FTK Imager 도구 다운로드

   

   

   

직접 다운받기

AccessData FTK Imager 3-3-0.zip.001

AccessData FTK Imager 3-3-0.zip.002

AccessData FTK Imager 3-3-0.zip.003

AccessData FTK Imager 3-3-0.zip.004


'Security > DigitalForensics' 카테고리의 다른 글

Regshot-레지스트리 분석 도구  (0) 2014.12.31
FTK Imager 설치  (0) 2014.12.30
FTK Imager-Forensic ToolKit  (0) 2014.12.29
Volume Shadow Copy 클라이언트 프로그램  (0) 2014.12.28
rhdtool-실행하기  (0) 2014.12.26
rhdtool-숨겨진 데이터 제거, install  (0) 2014.12.25
Posted by codedragon codedragon

댓글을 달아 주세요