You might consider Automated Image & Restore (AIR) -- basically a GUI front-end for dd/dcfldd: http://air-imager.sourceforge.net/
-Joel
"The path to hell is paved with good intentions."

On Thu, Dec 10, 2009 at 2:55 PM, PJ McGarvey <[email protected]> wrote:

> I'll second FTK Imager Lite as a free, portable tool, that can do drive
> imaging, deleted files analysis and extraction, file hashing and the latest
> version also does memory acquisition. I keep it on a USB key and use it
> pretty frequently.
>
> Does anyone know something similar (portable, gui-fied) that runs on
> Linux?
>
> PJ
>
> > Date: Thu, 10 Dec 2009 11:14:50 -0500
> > From: [email protected]
> > To: [email protected]
> > Subject: Re: [Pauldotcom] Digital Forensic Software
> >
> > All great advice. I just did some demos for the sysadmins at work on
> > several Forensic Image packages available. Here's some notes that
> > might help and save you some time.
> >
> > Helix Pro 3 - must purchase
> >
> > Easy to use
> > Can be used as a Live or Bootable CD
> > Includes hashing capabilities.
> > Includes a “Receiver” server for receiving multiple images on a network.
> > Supported on Windows, Mac, and Linux
> > Support via Forums and Email
> > Includes auto generated Chain of Custody Forms
> >
> > Bootable CD - Marks all mounted drives as read only by default
> > Live CD - Run from within OS, touches OS but they have this well documented
> >
> > Some notes on using Bootable Option (if you have issues)
> >
> > Enable Safe Mode Video (F4) and acpi=off “advanced Configuration and
> > Power Interface” (F6) on the boot menu.
> > Note: You Must manually mount destination disk as read/write via interface
> >
> > Raptor - free at http://www.raptorforensics.com
> >
> > Bootable CD raw image utility based on Ubuntu, interface a bit more
> > clumsy compared to Helix but it works and it is free
> >
> > Dcfldd - free at http://dcfldd.sourceforge.net/
> >
> > Live CD raw image utility - windows or linux - cmd line only
> >
> > Live View 0.7b - free (can convert Image files into a VM) at
> > http://liveview.sourceforge.net/
> >
> > provides an easy to use interface that can create read only .vmdk from
> > a raw image or physical disk.
> > Will disable networking within VMWare auto
> > Can run a cryptographic checksum on the image before and after booting
> > to verify the integrity of the evidence
> > Support for all versions of Windows and some Linux
> > Supports VMWare Workstation 5.5+ or Server 1.X (does not support Server 2.X yet)
> > Can be used with a single image file or split images
> >
> > Also FTK rocks for mounting read only and carving out what you want.
> > It also has a "lite" version that will run off a USB device
> >
> > Hope this helps.
> >
> > Tim
>
> _______________________________________________
> Pauldotcom mailing list
> [email protected]
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
