Your videos are really valuable, thank you for the content you provide.
Thanks. I just downloaded to test and your video made starting much easier. Keep up the good work
😢
Excellent video, as usual. Thanks!
It is so easy to understand with your video
Great video.. Thanks...
I was testing the EZ tools individually but this aggregation too seems more useful...
Please make a video about the available modules and what they do...
Thanks again...
Great intro video, thanks for taking the time!
Excellent video and explanation, thank you!
Thanks for this great video. When will you share the next one with details of all the features?
Thanks for the video.........Sulthan
Awesome videos! Thank you so much
Thanks. Great tool for fast evidence collection and finding leads. Can you please post something on creating and applying new modules?
Interesting suggestion - I will consider a future episode that covers those topics.
When you run this on a live system, isn't there a concern of mistakenly modifying evidence? I know that this is a method of logical acquisition but I assume it can also run against targets which are mounted read only (from a physical acquisition previously done)?
Sure, when you run *anything* on a live system, including a memory capture, you are technically changing evidence. This cannot be helped, but the most important thing you can do is to document, document, document, especially if you suspect the investigation could be criminal or referred to law enforcement. Of course, as you stated, you could grab memory, verify encryption isn't in play, power off the system, and then create a triage image with KAPE against the drive connected via a write blocker.
Target !ALL doesn't work in the newer versions. Any explanation?
Excellent Video, could you please list software used to edit your videos!
An iMac Pro and ScreenFlow primarily, and FCPX in the future for more advanced things.
Surprised you're not using powershell!
oh I see you switched to ps at the very end, just wondering if there was any particular reason not to use it from the beginning? I read cmd prompt will be getting phased out? Thanks for such great quality videos!
@Calm_Energy No reason, I'm just old school. :)
how to add my custom TARGET?
See this:
ericzimmerman.github.io/KapeDocs/#!Pages%5C2.1-Targets.md
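As an added illustration (not from the video, the commenter, or the KAPE project itself), this is what a minimal custom target file could look like, following the .tkape layout described in the KapeDocs page linked above. The field names (Description, Author, Version, Id, RecreateDirectories, Targets with Name, Category, Path, FileMask, Recursive) are taken from that documented format; the GUID is a placeholder, and the paths are constructed sample locations (Windows event logs and per-user PowerShell console history) chosen because they are common triage artifacts:

```yaml
# Example custom KAPE target (added illustration, not shipped with KAPE).
# Save as Targets\Custom\EventLogsAndPSHistory.tkape under the KAPE folder,
# then reference it with --target EventLogsAndPSHistory.
Description: Windows event logs and per-user PowerShell console history
Author: Example Author (placeholder)
Version: 1.0
Id: 00000000-0000-0000-0000-000000000000   # placeholder; generate a unique GUID for a real target
RecreateDirectories: true
Targets:
    -
        Name: Windows Event Logs
        Category: EventLogs
        Path: C:\Windows\System32\winevt\logs\
        FileMask: '*.evtx'
        Recursive: false
    -
        Name: PowerShell console history
        Category: PowerShell
        # The * wildcard expands to every user profile on the source volume
        Path: C:\Users\*\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadline\
        FileMask: ConsoleHost_history.txt
        Recursive: false
```

Targets only copy files and leave the originals untouched, so a target like this is safe to run against a drive mounted read only or behind a write blocker; keeping the target file alongside the collected output also helps with the "document, document, document" point made earlier in this thread, since it records exactly what was gathered.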
Can this be used with docker?
Harsh Panchal Are you asking if it can be used to forensicate a Docker image, or if you can run it within Docker?
@13Cubed Yes sorry, I meant if it can run with Docker?
@harshpanchal2202 To be honest, I've never tried. Some testing will be required :)
@13Cubed cool no worries mate. I'm planning to try that out so thought let me ask you. But please if you do let me know how it goes. Thanks
My name