ScotchBroth
Data Recovery Noob
Posts: 42
Joined: Wed May 27, 2015 7:34 pm

Good Software or Hardware Tool For Field Acquisition

Sun Oct 23, 2016 6:49 pm

Oh, and Paladin is free.

User avatar
lcoughey
Forum Moderator
Posts: 476
Joined: Mon Jan 12, 2015 12:46 pm
Location: Ontario, Canada
Contact: Website Facebook Twitter Google+

Good Software or Hardware Tool For Field Acquisition

Mon Oct 24, 2016 12:08 pm

ScotchBroth wrote:Speaking of forensic imaging, does anyone use the DDI forensic addon? Whenever I do to make a DD of a drive the NTFS filesystem is undetectable by windows. I'm not certain why (I haven't dug into it really) Just wondering if anyone's experienced it and has a fix.

So, you are using DDI FE to make an image file, right? They tweak the NTFS file system so that it mounts in Windows as read only, as per the request of many forensic clients. I've found that this "tweak" doesn't play nice with Windows 10 (and possibly 8), but can be undone by run a quick scandisk using windows 7.

ScotchBroth
Data Recovery Noob
Posts: 42
Joined: Wed May 27, 2015 7:34 pm

Good Software or Hardware Tool For Field Acquisition

Wed Feb 01, 2017 2:17 pm

Yes, making a bin image with DDI FE. When I plug the drive in, it can't see the bin file at all. I have to look at it with r-studio or something like it so get the image out usually.

eric7
Data Recovery Noob
Posts: 1
Joined: Wed Apr 05, 2017 10:57 am

Good Software or Hardware Tool For Field Acquisition

Wed Apr 05, 2017 11:01 am

Really, what you want is a file-recovery tool, which is a very different function than forensic work. There are a number of other file recovery tools that will do what you want, and automatically move recovered files to a different disk/folder. A search for file recovery tools to find the feature you require, would probably be the best. I use for Windows is Recuva and Disk Drill.

Moderator note: If you can't read the thread to see that this is a discussion between data recovery professionals talking about forensic imaging I have no choice but to assume you're just here to SPAM software. Data recovery software developers are more than welcome to discuss their products here, but not to pretend to be end users plugging their programs on unrelated threads.

RolandJS
Data Recovery Noob
Posts: 30
Joined: Fri Mar 10, 2017 3:18 pm

Good Software or Hardware Tool For Field Acquisition

Mon Apr 10, 2017 11:59 am

As an intermediate backup/restore person, as a beginner data recovery [first response level] person, I am interested in learning more about forensic imaging. Obviously FI is different, more complicated, than full imaging with Macrium Reflect or Imaging for Windows, correct? I'd like to learn more from the experiences of others.
"Take care of thy backups and thy restores shall take care of thee." -- Ben Franklin revisited.
http://collegecafe.fr.yuku.com/forums/4 ... hnologies/
Backup...! -- Lady Fitzgerald (sevenforums)
Clone or Image often!.... -- RockE (WSL)

User avatar
pclab
Forum Moderator
Posts: 1419
Joined: Tue Jan 13, 2015 4:55 pm
Contact: Website Facebook

Good Software or Hardware Tool For Field Acquisition

Mon Apr 10, 2017 12:46 pm

But you want to do Data Recovery or Forensics?

They are different areas...
www.pclab.com.pt
facebook.com/PCLAB.Assistencia.Tecnica

RolandJS
Data Recovery Noob
Posts: 30
Joined: Fri Mar 10, 2017 3:18 pm

Good Software or Hardware Tool For Field Acquisition

Mon Apr 10, 2017 2:54 pm

pclab wrote:But you want to do Data Recovery or Forensics? They are different areas...
Agreed! I'm not sure what the differences are; I can guess, however, I would rather read posts from those in the know :)
"Take care of thy backups and thy restores shall take care of thee." -- Ben Franklin revisited.
http://collegecafe.fr.yuku.com/forums/4 ... hnologies/
Backup...! -- Lady Fitzgerald (sevenforums)
Clone or Image often!.... -- RockE (WSL)

User avatar
pclab
Forum Moderator
Posts: 1419
Joined: Tue Jan 13, 2015 4:55 pm
Contact: Website Facebook

Good Software or Hardware Tool For Field Acquisition

Mon Apr 10, 2017 4:17 pm

Maybe first it was better for you, to tell us what you want/need to do and future expectations..
www.pclab.com.pt
facebook.com/PCLAB.Assistencia.Tecnica

RolandJS
Data Recovery Noob
Posts: 30
Joined: Fri Mar 10, 2017 3:18 pm

Good Software or Hardware Tool For Field Acquisition

Tue Apr 11, 2017 12:18 am

pclab wrote:Maybe first it was better for you, to tell us what you want/need to do and future expectations..
Presently, just learning more and more about individual and small business data recovery; however, I would like learn more about Forensic imaging -- to better appreciate what youse all are doing.
"Take care of thy backups and thy restores shall take care of thee." -- Ben Franklin revisited.
http://collegecafe.fr.yuku.com/forums/4 ... hnologies/
Backup...! -- Lady Fitzgerald (sevenforums)
Clone or Image often!.... -- RockE (WSL)

User avatar
Jared
Forum Admin
Posts: 3139
Joined: Mon Jan 12, 2015 12:32 pm
Location: Providence, RI
Contact: Website Facebook Twitter Skype YouTube Google+

Good Software or Hardware Tool For Field Acquisition

Tue Apr 11, 2017 7:06 am

When it comes to imaging there are some real differences between data recovery and forensics. In data recovery the goal is always to read out as many sectors as possible from media which is often failing. Even if the hardware is perfectly fine, an image or clone is usually still created to have a backup copy should anything go wrong during the process.

In forensics, you always have to assume that the case might go to court. This means that you'll need to be able to prove that the copy is authentic and hasn't been tampered with. You'll also need to document your exact process so that if your results are questioned another forensics investigator can replicate your same results. So for example when imaging a hard drive, it's usually standard practice to create two copies simoltaneously and to generate checksums for the images. The imaging is logged by the software and checksums recorded in the logs. Then one copy goes with the investigator who's going to analyze the data, the other usually goes to a safe location such as a safe box and is kept inaccessable to the forensics investigator. If anyone questions the evidence found on the drive and insinuates it was put there by the investigator it can easily be proven that it wasn't by comparing the checksum of the data and/or comparing the second copy.

Return to “Forensic Tools”

Who is online

Users browsing this forum: No registered users and 0 guests