It is important to realize that data acquisition may be performed not only on hard disks, but also across other devices that have the storage capacity, few of which are listed as follows:įTK Imager has the ability to collect and analyze each of these devices.ĭuring an investigative process, we must look at these items because they may have relevant evidence, not often found in hard disks.įTK Imager makes a bit-for-bit duplicate image of the media, avoiding accidental manipulation of the original evidence.
IMAGE SYSTEM RAM USING ACCESSDATA FTK IMAGER ON LINUX HOW TO
You will also be shown how to operate FTK Imager as well as an overview of all the features to understand the process of acquiring digital devices, which is considered one of the most critical factors. This chapter discusses working with evidence using FTK Imager, allowing you to accomplish the creation of forensic images that meet your exact needs. You can download FTK Imager as well as other products at. It allows a preanalysis of the data, information search, and the collection of volatile data such as RAM, along with other features that will be covered through this chapter. To ensure the integrity of the data collected, it creates exact copies (forensic images), known as bit-to-bit or bit stream.įTK Imager is a powerful, free tool. Working with FTK ImagerįTK Imager is a free tool that can be downloaded from AccessData on its website, mainly used for conducting acquisition of digital media. Computer Forensics with FTK (2014) Chapter 2.
0 kommentar(er)
