Ftk Imager Handling: Difference between revisions
Revision as of 12 August 2021, 08:33
Download
Install
- tar -C /usr/local/sbin -xvzf ftkimager.3.1.1_ubuntu64.tar.gz
Create image
- ftkimager /dev/sdb /root/share/forensic/opfer --e01 --case-number 01 --evidence-number 01 --description secure.local.forensic --examiner tw --notes first-run
Description
| /dev/sdb | Source |
| /root/share/forensic/opfer | Destination |
| --e01 | Format |
| --case-number 01 | Case number |
| --evidence-number 01 | Evidence number |
| --description secure.local.forensic | Description |
| --examiner tw | Examiner |
| --notes first-run | Notes |
Result
- ls
opfer.E01 opfer.E01.txt
- cat opfer.E01.txt
Case Information:
Acquired using: ADI3
Case Number: 01
Evidence Number: 01
Unique description: secure.local.forensic
Examiner: tw,ng
Notes: first-run

--------------------------------------------------------------

Information for /share/forensic/win10:

Physical Evidentiary Item (Source) Information:
[Device Info]
 Source Type: Physical
[Drive Geometry]
 Cylinders: 6527
 Heads: 255
 Sectors per Track: 63
 Bytes per Sector: 512
 Sector Count: 104857600
[Physical Drive Information]
 Drive Model: VBOX HARDDISK
 Drive Serial Number: VB5ace20dd-ef3d9b78
 Source data size: 51200 MB
 Sector count: 104857600
[Computed Hashes]
 MD5 checksum: 6b73c19fe0d71af2acf91ee3310006cb
 SHA1 checksum: 7d235bb67f42065ca4c01948b3d25fd75a566c95

Image Information:
 Acquisition started: Tue Aug 3 21:06:40 2021
 Acquisition finished: Tue Aug 3 21:24:39 2021
 Segment list:
  /share/forensic/win10.E01
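The hashes recorded in this report are the reference for every later integrity check of the evidence. The following is an added example, not part of the original page: it parses such a report, checks that the drive geometry agrees with the stated size, and compares the recorded MD5/SHA1 against a raw device or raw image. The one-field-per-line layout of the sample and all function names are assumptions.

```python
import hashlib

# Constructed sample: fields copied from the report above, one per line
# (that layout is an assumption about the file ftkimager writes).
SAMPLE_REPORT = """\
Case Number: 01
Evidence Number: 01
[Drive Geometry]
 Bytes per Sector: 512
 Sector Count: 104857600
[Physical Drive Information]
 Source data size: 51200 MB
[Computed Hashes]
 MD5 checksum: 6b73c19fe0d71af2acf91ee3310006cb
 SHA1 checksum: 7d235bb67f42065ca4c01948b3d25fd75a566c95
"""

def parse_report(text):
    """Return {field: value} for each 'Key: value' line (first occurrence wins)."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if sep and value.strip():
            fields.setdefault(key.strip(), value.strip())
    return fields

def size_is_consistent(fields):
    """Sector count x sector size must equal the stated size (MB read as 2**20 bytes)."""
    total = int(fields["Sector Count"]) * int(fields["Bytes per Sector"])
    return total == int(fields["Source data size"].split()[0]) * 2**20

def hash_stream(path, chunk=1 << 20):
    """MD5 and SHA1 of a raw device or raw (dd) image, read in chunks."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            md5.update(block)
            sha1.update(block)
    return md5.hexdigest(), sha1.hexdigest()

def matches_report(fields, path):
    """True only if both recorded hashes equal the hashes of the data at path.
    The report hashes cover the acquired sectors, not the .E01 container file,
    so path must be the source device or a raw export, never opfer.E01 itself."""
    md5, sha1 = hash_stream(path)
    return (md5 == fields["MD5 checksum"].lower()
            and sha1 == fields["SHA1 checksum"].lower())
```

For the real file, read opfer.E01.txt and pass its contents to parse_report; open the source device read-only, ideally behind a write blocker, before hashing it.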