Ftk Imager Handling: Difference between revisions
| Zeile 13: | Zeile 13: | ||
|Quelle | |Quelle | ||
|- | |- | ||
| − | |/share/forensic/ | + | |/root/share/forensic/opfer |
|Ziel | |Ziel | ||
|- | |- | ||
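Review bot: the new target /root/share/forensic/opfer in the changed Ziel row does not match the sample output in the Resultat section, which still lists win10.E01 and a segment path under /share/forensic/. Regenerate that output with the new target, or state that it comes from an earlier run with a different path.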
| Zeile 28: | Zeile 28: | ||
|Beschreibung | |Beschreibung | ||
|- | |- | ||
| − | |<nowiki>--examiner tw | + | |<nowiki>--examiner tw</nowiki> |
|Ermittler | |Ermittler | ||
|- | |- | ||
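Review bot: the corrected row documents --examiner tw, while the Resultat output further down records "Examiner: tw,ng". Align the option shown in the command and table with the value in the sample report so readers can see that the report reflects the arguments given.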
| Zeile 34: | Zeile 34: | ||
|Notizen | |Notizen | ||
|} | |} | ||
| + | |||
=Resultat= | =Resultat= | ||
*ls | *ls | ||
Revision as of 12 August 2021, 08:32
Download
Install
- tar -C /usr/local/sbin -xvzf ftkimager.3.1.1_ubuntu64.tar.gz
Create image
- ftkimager /dev/sdb /root/share/forensic/opfer --e01 --case-number 01 --evidence-number 01 --description secure.local.forensic --examiner tw --notes first-run
Description
| /dev/sdb | Source |
| /root/share/forensic/opfer | Destination |
| --e01 | Format |
| --case-number 01 | Case number |
| --evidence-number 01 | Evidence number |
| --description secure.local.forensic | Description |
| --examiner tw | Examiner |
| --notes first-run | Notes |
Result
- ls
win10.E01 win10.E01.txt
- cat win10.E01.txt
Case Information:
Acquired using: ADI3
Case Number: 01
Evidence Number: 01
Unique description: secure.local.forensic
Examiner: tw,ng
Notes: first-run

--------------------------------------------------------------

Information for /share/forensic/win10:

Physical Evidentiary Item (Source) Information:
[Device Info]
 Source Type: Physical
[Drive Geometry]
 Cylinders: 6527
 Heads: 255
 Sectors per Track: 63
 Bytes per Sector: 512
 Sector Count: 104857600
[Physical Drive Information]
 Drive Model: VBOX HARDDISK
 Drive Serial Number: VB5ace20dd-ef3d9b78
 Source data size: 51200 MB
 Sector count: 104857600
[Computed Hashes]
 MD5 checksum: 6b73c19fe0d71af2acf91ee3310006cb
 SHA1 checksum: 7d235bb67f42065ca4c01948b3d25fd75a566c95

Image Information:
 Acquisition started: Tue Aug 3 21:06:40 2021
 Acquisition finished: Tue Aug 3 21:24:39 2021
 Segment list:
 /share/forensic/win10.E01
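The summary file is what later ties the image to the acquisition, so it is worth checking mechanically before it goes into the case file. The following is an added example, not part of the original page or of FTK Imager: a small parser for the report format shown above that cross-checks geometry against the stated size, validates the recorded hashes and compares them with an independently computed MD5. The function names and the reading of "MB" as 2**20 bytes are assumptions.

```python
import re
from datetime import datetime

# Constructed input: an excerpt of the win10.E01.txt summary shown on this page.
SAMPLE = """\
Case Number: 01
Examiner: tw,ng
[Drive Geometry]
 Bytes per Sector: 512
 Sector Count: 104857600
[Physical Drive Information]
 Source data size: 51200 MB
 Sector count: 104857600
[Computed Hashes]
 MD5 checksum: 6b73c19fe0d71af2acf91ee3310006cb
 SHA1 checksum: 7d235bb67f42065ca4c01948b3d25fd75a566c95
Image Information:
 Acquisition started: Tue Aug 3 21:06:40 2021
 Acquisition finished: Tue Aug 3 21:24:39 2021
"""

def parse_summary(text):
    """Collect 'Key: value' lines (keys lower-cased); report conflicting repeats."""
    fields, problems = {}, []
    for m in re.finditer(r"^\s*([^:\[\n]+):[ \t]+(\S.*)$", text, re.M):
        key, value = m.group(1).strip().lower(), m.group(2).strip()
        if fields.setdefault(key, value) != value:
            problems.append(f"conflicting values for {key!r}")
    return fields, problems

def check_summary(text, recomputed_md5=None):
    """Sanity-check a summary; recomputed_md5 is an independently obtained hash."""
    f, problems = parse_summary(text)
    size_bytes = int(f["sector count"]) * int(f["bytes per sector"])
    # Assumption: 'MB' in the report means 2**20 bytes (matches the page's numbers).
    if size_bytes // 2**20 != int(f["source data size"].split()[0]):
        problems.append("geometry does not match source data size")
    for name, length in (("md5 checksum", 32), ("sha1 checksum", 40)):
        if not re.fullmatch(rf"[0-9a-f]{{{length}}}", f.get(name, "")):
            problems.append(f"{name} missing or malformed")
    if recomputed_md5 and recomputed_md5.lower() != f.get("md5 checksum"):
        problems.append("recomputed MD5 differs from recorded MD5")
    fmt = "%a %b %d %H:%M:%S %Y"
    start = datetime.strptime(f["acquisition started"], fmt)
    end = datetime.strptime(f["acquisition finished"], fmt)
    if end < start:
        problems.append("acquisition finished before it started")
    return {"size_bytes": size_bytes, "problems": problems,
            "duration_s": int((end - start).total_seconds())}
```

The recorded hashes cover the source data, not the compressed .E01 container, so the value passed as recomputed_md5 has to come from hashing the source device or the image contents, not the .E01 file itself.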