Re: [sleuthkit-users] creating an image
Brought to you by:
carrier
Menu
▾
▴
Re: [sleuthkit-users] creating an image
|
From: Robert-Jan M. <rob...@ve...> - 2006-07-31 17:02:32
|
Hello Eric, We've just added a tool called 'ewfacquire' within the latest sleuthkit 2.05. With the tool you can create disk images for free. The images are compatible with Encase or FTK and metadata case information is saved within the evidence file created. ewfacquire can be found in the /sleuthkit/src/libewf directory. Ewfacquire usage: ./efwacquire /dev/hda (or sda hard disk devices) After executing it will guide you through the process of creating an image. Or you can always use the dd command to create an image. Regards, Robert-Jan Mora. Eric wrote: > I was wondering if someone could point me in the right "free" direction > into getting started with some simple commands using sleuth kit, > connectivty, and most of all creating images and/or how to specify them. > I 've been on the list a while and have realized that most of you are > very experienced with the tools, so I don't want to be a bother until I > learn more on my own ;) > > Thank you, > Eric > > ------------------------------------------------------------------------- > Take Surveys. Earn Cash. Influence the Future of IT > Join SourceForge.net's Techsay panel and you'll get the chance to share your > opinions on IT & business topics through brief surveys -- and earn cash > http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV > _______________________________________________ > sleuthkit-users mailing list > https://lists.sourceforge.net/lists/listinfo/sleuthkit-users > http://www.sleuthkit.org > > |
