Difference between pages "Category:Disk imaging" and "User:Johny Ryder"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
(Unix-based imagers)
 
m
 
Line 1: Line 1:
<div style="margin-top:0.5em; border:2px solid #ff0000; padding:0.5em 0.5em 0.5em 0.5em; background-color:#dddddd; align:center;">
+
Data expert, tech lover, privacy protector. I started using computers and the internet early 1994. And I can not imagine how I would ever be able to communicate with my friends and family without these products.
'''Note:''' We're trying to use the same [[tool template]] for all devices. Please use this if possible.
+
</div>
+
  
'''TODO: Not all of the following are tools, most are simply company names. The tools should have their own articles...'''
+
It is great to be able to share through the internet. But (semi) public sharing has its downsides too. I like to read about and work on keeping the protection of private information something individuals can control themselves.
  
= Hardware imagers =
+
But sometimes it is good that there are forensic tools available. Just as long these tools are used properly. I hope people are aware of the possibilities to protect their privacy, and protectors of the public domain are aware of the forensic tools available, and use them properly.
; [[DeepSpar Disk Imager]]
+
: Handles Data Recovery Imaging issues, drive instability, and bad sectors. http://www.deepspar.com/products-ds-disk-imager.html  - Data Sheet and Whitepaper available for download from product web page.
+
; [[ICS Solo3]]
+
: Supports USB, Firewire and SCSI drives. http://www.icsforensic.com/
+
; [[Logicube Talon]]
+
: Supports USB
+
; [[PSIClone]]
+
: Built-in PATA, SATA, USB and write blocker. http://www.thepsiclone.com/
+
: Enhanced Error Handling and Logging
+
; [[Voom HardCopy III]]
+
: Allows destination drive to be formatted in NTFS.
+
  
= Unix-based imagers=
+
I hereby license all my contributions to this wiki under the Creative Commons Attribution-ShareAlike 2.5 license.
 
+
; '''ewfacquire''' and '''ewfacquiresteam'''
+
: The tools '''ewfacquire''' and '''ewfacquiresteam''' are part of the [[libewf]] library package. They can create evidence files in the [[EnCase]] and [[FTK Imager]] .E0* (EWF-E01) and [[SMART]] .s0* (EWF-S01) formats. '''ewfacquire''' and '''ewfacquirestream''' calculate an [[MD5]] and/or [[SHA1]] hash while the data is being acquired. Because of compatibility with [[EnCase]] '''ewfacquire''' and '''ewfacquirestream''' only store the [[SHA1]] digest hash in the Extended EWF (EWF-X) format. '''ewfacquire''' and '''ewfacquirestream''' provide support for byte swapping of media bytes. This is useful for dealing with big endian media on and little endian architectures and vice versa. It also has intelligent error recovery.
+
: https://libewf.sourceforge.net/
+
 
+
; [[Adepto]]
+
: http://www.e-fense.com/helix/
+
 
+
; [[aimage]]
+
: Part of the [[AFF]] system, [[aimage]] can create files is raw, AFF, AFD, or AFM formats. AFF and AFD formats can be compressed or uncompressed. [[aimage]]  can optionally compress and calculate [[MD5]] or [[SHA-1]] hash residues while the data is being copied. It has intelligent error recovery, similar to what is in [[ddrescue]].
+
 
+
; [[AIR]]
+
: AIR (Automated Image and Restore) is a GUI front-end to dd/dcfldd designed for easily creating forensic bit images.
+
: http://air-imager.sourceforge.net/
+
 
+
; [[dcfldd]]
+
: A version of [[dd]] created by the [[Digital Computer Forensics Laboratory]]. [[dcfldd]] is an enhanced version of [[GNU]] dd with features useful for forensics and security, such as calculating [[MD5]] or [[SHA-1]] [[hash]]es on the fly and faster disk wiping.
+
 
+
; [[dd]]
+
: A program that converts and copies files, is one of the oldest [[Unix]] programs. I can copy data from any Unix "file" (including a [[raw partition]]) to any other Unix "file" (including a disk file or a raw partition). This is one of the oldest of the imaging tools, and produces [[raw image files]]. Extended into [[dcfldd]].
+
 
+
; EnCase [[LinEn]]
+
: Linux-based version of EnCase's forensic imaging tool.
+
 
+
; GNU [[ddrescue]]
+
: http://www.gnu.org/software/ddrescue/ddrescue.html
+
 
+
; [[dd_rescue]]
+
: http://www.garloff.de/kurt/linux/ddrescue/
+
: A tool similar to [[dd]], but unlike dd it will continue reading the next sector, if it stumbles over bad sectors it cannot read.
+
 
+
; iLook [[IXimager]]
+
: The primary imaging tool for [[iLook]]. It is [[Linux]] based and produces compressed authenticatable [[image file]]s that may only be read in the iLook analysis tool.
+
 
+
; [[MacQuisition Boot CD]]
+
: Provides software to safely image [[Macintosh]] drives.
+
 
+
; [[rdd]]
+
: http://sourceforge.net/projects/rdd
+
: Rdd is robust with respect to read errors and incorporates several other functions: MD5 and SHA-1 hashing, block hashing, entropy computation, checksumming, network transfer, and output splitting.
+
 
+
; [[sdd]]
+
: Another [[dd]]-like tool. It is supposed to be faster in certain situations.
+
 
+
= Windows-based imagers =
+
 
+
; [[AccessData]]
+
: Their ultimate tool lets you "READ, ACQUIRE, DECRYPT, ANALYZE and REPORT (R.A.D.A.R.)."
+
 
+
; [[ASR]]
+
: A tool for [[imaging]] and analyzing disks.
+
 
+
; [[DIBS]]
+
: Can image and convert many file formats. Also builds mobile toolkit.
+
 
+
; [[EnCase]]
+
: Can image with out dongle plugged in. Only images to E0* file.
+
 
+
; [[FTK Imager]] by [[AccessData]]
+
: Can image and convert many image formats. Including [[E0*]] (EWF-E01), s0* (EWF-S01) and [[dd]]. Also a free tool.
+
 
+
; [[Ghost]]
+
: FTK can read forensic, uncompressed [[Ghost image]]s.
+
 
+
; [[iLook]]
+
: The [[IRS]]'s set of forensic tools and utilities.  iLook V8 can image in Windows.
+
 
+
; [[Paraben]]
+
: A complete set of tools for [[Windows]] (and [[handheld]]) products.
+
 
+
; [[ProDiscovery]]
+
: Images and searches [[FAT12]], [[FAT16]], [[FAT32]] and all [[NTFS]] files.
+
 
+
; [[X-Ways Forensics]]
+
: Has some limited imaging capabilities. The output is [[raw format]].
+
 
+
; [[X-Ways Replica]]
+
: Performs [[hard disk]] [[cloning]] and imaging. The output is [[raw format]].
+
 
+
 
+
[[Category:Tools]]
+
 
+
[[Category:Tools]]
+

Revision as of 04:04, 23 December 2011

Data expert, tech lover, privacy protector. I started using computers and the internet early 1994. And I can not imagine how I would ever be able to communicate with my friends and family without these products.

It is great to be able to share through the internet. But (semi) public sharing has its downsides too. I like to read about and work on keeping the protection of private information something individuals can control themselves.

But sometimes it is good that there are forensic tools available. Just as long these tools are used properly. I hope people are aware of the possibilities to protect their privacy, and protectors of the public domain are aware of the forensic tools available, and use them properly.

I hereby license all my contributions to this wiki under the Creative Commons Attribution-ShareAlike 2.5 license.