FTK Imager Handling
Download
Install
- tar -C /usr/local/sbin -xvzf ftkimager.3.1.1_ubuntu64.tar.gz
Create image
- ftkimager /dev/sdb /root/share/forensic/opfer --e01 --case-number 01 --evidence-number 01 --description secure.local.forensic --examiner tw --notes first-run
Description
| /dev/sdb | Source |
| /root/share/forensic/opfer | Destination |
| --e01 | Format |
| --case-number 01 | Case number |
| --evidence-number 01 | Evidence number |
| --description secure.local.forensic | Description |
| --examiner tw | Examiner |
| --notes first-run | Notes |
Result
- ls
opfer.E01 opfer.E01.txt
- cat opfer.E01.txt
Case Information:
Acquired using: ADI3
Case Number: 01
Evidence Number: 01
Unique description: secure.local.forensic
Examiner: tw
Notes: first-run
--------------------------------------------------------------
Information for /root/share/forensic/opfer:
Physical Evidentiary Item (Source) Information:
[Device Info]
Source Type: Physical
[Drive Geometry]
Cylinders: 2610
Heads: 255
Sectors per Track: 63
Bytes per Sector: 512
Sector Count: 41943040
[Physical Drive Information]
Drive Model: VBOX HARDDISK
Drive Serial Number: VB18564db3-30f8dabe
Source data size: 20480 MB
Sector count: 41943040
[Computed Hashes]
MD5 checksum: cca8e23d99e50878ce5ad5f7cca0abe3
SHA1 checksum: 50dd6908d572a534d6a2322e44587bbe4aa4f47a
Image Information:
Acquisition started: Thu Aug 12 10:29:36 2021
Acquisition finished: Thu Aug 12 10:31:56 2021
Segment list:
/root/share/forensic/opfer.E01
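The following is an added example, not part of the original page or of FTK Imager: it parses the opfer.E01.txt acquisition log, checks that its values are internally consistent, and compares the logged hashes with a fresh hash of the raw data. The function names are hypothetical, the sample is an abbreviated copy of the log above, and "MB" is treated as MiB because that is what the logged sector count and sector size add up to.

```python
import hashlib
import re
from datetime import datetime

# Constructed sample: abbreviated copy of the opfer.E01.txt log shown above.
SAMPLE_LOG = """\
Examiner: tw
Bytes per Sector: 512
Sector Count: 41943040
Source data size: 20480 MB
MD5 checksum: cca8e23d99e50878ce5ad5f7cca0abe3
SHA1 checksum: 50dd6908d572a534d6a2322e44587bbe4aa4f47a
Acquisition started: Thu Aug 12 10:29:36 2021
Acquisition finished: Thu Aug 12 10:31:56 2021
"""

def parse_log(text):
    """Return {key: value} for every 'Key: value' line of the log."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():  # skip section headers such as '[Device Info]'
            fields[key.strip()] = value.strip()
    return fields

def check_log(fields):
    """Return a list of problems found in the parsed log (empty = consistent)."""
    problems = []
    size_bytes = int(fields["Sector Count"]) * int(fields["Bytes per Sector"])
    logged_mib = int(fields["Source data size"].split()[0])
    if size_bytes != logged_mib * 1024 * 1024:
        problems.append("geometry does not match source data size")
    for name, length in (("MD5 checksum", 32), ("SHA1 checksum", 40)):
        if not re.fullmatch(r"[0-9a-f]{%d}" % length, fields.get(name, "")):
            problems.append(name + " missing or malformed")
    fmt = "%a %b %d %H:%M:%S %Y"
    start = datetime.strptime(fields["Acquisition started"], fmt)
    end = datetime.strptime(fields["Acquisition finished"], fmt)
    if end <= start:
        problems.append("acquisition finished before it started")
    return problems

def hashes_match(fields, stream, chunk=1 << 20):
    """Re-hash a raw byte stream; compare with the logged MD5 and SHA1."""
    digests = {"MD5 checksum": hashlib.md5(), "SHA1 checksum": hashlib.sha1()}
    for block in iter(lambda: stream.read(chunk), b""):
        for d in digests.values():
            d.update(block)
    return all(d.hexdigest() == fields.get(k) for k, d in digests.items())
```

The stream passed to hashes_match must be the raw data (the write-blocked source device, or the image exposed as raw by an EWF-aware tool), not the opfer.E01 file itself, because the logged hashes cover the source data and not the container.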