Thanks so much, this was really amazing. Not only am I interviewing for a CSIRT position on Friday, but tomorrow I'm helping someone clean up her computer as part of her divorce, and recovering some files might be required! And I have old drives I want to try and recover files from too. I look forward to seeing more of your videos.
Thanks! Also check out Introduction to KAPE (th-cam.com/video/pZRrZAJif8Q/w-d-xo.html), which is basically a follow-up to this episode. Using KAPE is now the preferred way to create triage images.
Thank you a lot for your efforts.
Hello Sir, are there any other tools that can analyze/preview an AD1 image other than FTK Suite and FTK Imager?
You might try Arsenal Image Mounter. Can't say I've tried to mount an AD1 with it, but it's hands down the best image mounting utility you can find.
How do I create an image of a ransomware-affected drive? When we plug in any USB, all files are encrypted.
Is there a way to set default custom content sources? Like if you have core data you want to gather each time and automate the data acquisition using FTK?
I believe FTK Imager is manual. To get a customized image, use CyLR. You can customize the config file.
@richmcelroy2382 Thanks
nice vid thanks