Forensics: FTK Imager

There are several  imaging products in the computer forensics market that work on Window such  as EnCase, Paraben, and WinHex, however the most versatile and best value for money is FTK Imager, by Access Data. It has several benifits over its rivals, including: 

  • FTK imager is free. Which makes it excellent value for money. EnCase does not need a dongle to image, but you cannot preview the data without a dongle, unlike FTK Imager.
  • FTK Imager is able to create differnet image formats: EO1, DD, or SMART.
  • Its able to image drives, but also aquire files or folders (uses its AD1 format, similar to the EnCase LO1 format)
  • It can preview the data
  • It produces a simple text log of its action
  • It can run from a USB drive, without being installed.  Excellent for aquiring data from servers.

It is the high quality of tools like this that made the launch of FTK 2 so dissapointing.

Advertisements

2 Responses to “Forensics: FTK Imager”

  1. How do you get a job in computer forensics? « Data - Where is it? Says:

    […] hold of basic forensic software, Helix, is a good start as is FTK Imager and DTSearch. Use trial versions of EnCase and FTK and anything else you can get hold […]

  2. Forensics: What is imaging? « Data – Where is it? Says:

    […] to Encase, the most famous/popular/expensive of forensic toosl which can only create E01 files, to FTK Imager, a light weight free imaging tool that can produce E01 Files, RAW, or DD […]


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: