It also has the unique feature to capture system files. For example, while both FTK and Paladin have the richest feature set, neither supports encrypted Ex01 images, so if encrypted Ex01 images are a requirement, neither tool is for you. FTK Imager supports all image types and is able to image mass storage devices and the RAM. It all depends on what features you really need in your tool. In imaging tools, it's quality over quantity. It wouldn't be fair to rank the imaging tools based on the number of features. I have listed all noteworthy features in the table below. It only supports physical imaging and is able to generate RAW (dd), E01 and AFF images. OSFClone is easy to use and has all the basic features you expect from an imaging tool. OSFClone is a bootable imaging environment that directly boots to the imaging tool. While unknown to many investigators, OSFClone is a great tool to create images. Guymager is only able to create physical images from mass storage devices and supports the RAW, E01 and AFF (disabled by default) file formats. It's available in the standard repositories in Debian, making installation rather easy. This imaging tool is included in most bootable forensic toolkits. Paladin uses DC3DD for RAW (dd) images and ewfacquire for E01 images. A popular free imaging tool developed by Guy Voncken. Paladin is a modern bootable Linux distribution with a really good user interface and great imaging capabilities. Paladin isn't a real imaging tool as it's more of a complete forensic investigation environment. It's able to create RAW (dd) and E01 images.
The Belkasoft Acquisition Tool is gaining a lot of popularity among forensic investigators because of its portability, versatility and ease of use. BAT is able to create images from physical and logical drives, mobile devices running iOS and Android (full physical images if rooted) and cloud storage.

Belkasoft Acquisition Tool by Belkasoft

It only supports the EnCase imaging formats E01 and Ex01. While the interface can be very intimidating for first-time users, the tool offers some great features. EnCase Forensic Imager is able to perform imaging on a physical and logical drive as well as on logical file level.

EnCase Forensic Imager by OpenText

Along with FTK Imager the most popular imaging tool on the market. Supported imaging formats include RAW (dd), SMART, E01 and AFF. It's capable of converting images from and to other image types. FTK Imager includes the functionality to capture the system Registry and physical RAM. You are able to perform basic forensic analysis and file recovery right from within FTK Imager. FTK Imager supports a wide variety of image sources: physical and logical drives are supported, as well as logical file-level images. It can also mount images as a physical and/or logical drive and has a very capable evidence browser built in. Regardless of its name, FTK Imager does a lot more than only imaging.