When it comes to booting up evidence files acquired from target disk, you got two options. One is VFC and the other is Live View. Both of them could create snapshots out of images such as EWF(E01). So forensic examiners could conduct a live forensic as if suspect's computer/laptop is in front of them.

Some may ask if there is another option to bootup evidence files. And the answer is "yes". I will show you the combination of FTK Imager and Oracle VirtualBox. First we have to mount evidence files with Admin privileges.

Now we know these evidence files mounted as "PhysicalDrive1". So we have to create vmdk out of this physical drive. Look! It also requires Admin Privileges to run this command prompt.

If everything is fine and the result shows that we successfully create vmdk files from PhysicalDrive1.

Next we have to create a Virtual Machine by choosing the existing vmdk files we created as above.

Finally we could bootup suspect's computer/laptop and conduct a live forensics.

Another option to bootup evidence files的更多相关文章

  1. LiveView 0.8 RC1 could boot evidence files acquired from Win10 64bit

    The latest Windows 10 will be more and more popular in the very near future. Now let's take a look i ...

  2. EnCase missed some usb activities in the evidence files

    My friend is a developer and her colleague May was suspected of stealing the source code of an impor ...

  3. RH033读书笔记(12)-Lab 13 Finding and Processing Files

    Sequence 1: Using find Scenario: Log in as user student. Devise and execute a find command that prod ...

  4. Git操作删除 untracked files

    最近使用git 管理项目的时候,编译过程中出现了很多中间文件,今天发现使用 git clean 命令可以很方便进行清除: # 删除 untracked files git clean -f # 连 u ...

  5. [已解决] 含gorm、sqlite3包的go程序构建失败 C:\Program Files\Go\pkg\tool\windows_amd64\link.exe: running gcc failed: exit status 1

    gorm官方文档教程实例,构建出现错误.C:\Program Files\Go\pkg\tool\windows_amd64\link.exe: running gcc failed: exit st ...

  6. How to bypass Win10 logon password?

    Usually we will use LiveView or VFC to "boot up" the evidence files acquired from suspect' ...

  7. Fedora 22中的RPM软件包管理工具

    Introduction The RPM Package Manager (RPM) is an open packaging system that runs on Fedora as well a ...

  8. [No000098]SVN学习笔记5-分支,合并,属性,补丁,锁,分支图

    行结束符和空白选项 在项目的生命周期中,有时可能会将行结束符由 CRLF 改为 LF,或者修改一段代码的缩进.不幸的是这样将会使大量的代码行被标记为已修改,尽管代码本身并没有被修改.这里列出的选项将会 ...

  9. centos 7.0 编译安装php 7.0.3

    php下载页面 http://cn2.php.net/downloads.php 7.0.3多地区下载页面 http://cn2.php.net/get/php-7.0.3.tar.gz/from/a ...

随机推荐

  1. Java NIO 学习笔记(五)----路径、文件和管道 Path/Files/Pipe

    目录: Java NIO 学习笔记(一)----概述,Channel/Buffer Java NIO 学习笔记(二)----聚集和分散,通道到通道 Java NIO 学习笔记(三)----Select ...

  2. raft算法解析

    一.raft算法引入 在寻找一种易于理解的一致性算法的研究(In Search of an Understandable Consensus Algorithm-extended version) 论 ...

  3. eclipse的安装与使用方法

    eclipse的安装与使用方法: eclipse是Java编程利器,工欲善其事必先利其器.下面我们来说说eclipse的安装与使用: 安装分三步: 第一步:安装eclipse 1.官网下载eclips ...

  4. Programming In Lua 第四章

    1, 2, 3, 4, 5, 6, 7,

  5. smarty 截取字符串

    在视图中使用smarty来截取字符串的方法:          {$array|truncate:15:"...":true}   php:控制器中 $index['content ...

  6. 源码解读·RT-Thread操作系统从开机到关机

    本篇内容比较简单,但却很繁琐,篇幅也很长,毕竟是囊括了整个操作系统的生命周期.这篇文章的目的是作为后续设计多任务开发的铺垫,后续会单独再抽出一篇分析任务的相关知识.另外本篇文章以单核MCU为背景,并且 ...

  7. HDU 6207:Apple(Java高精度)

    题目链接 题意 给出三个圆上的点,和一个目标的点,问目标点是否在这三个点构成的圆外面. 思路 许久没见过的Java高精度,不要加package!!! import java.math.BigDecim ...

  8. 基于C#的机器学习--深层信念网络

    我们都听说过深度学习,但是有多少人知道深度信念网络是什么?让我们从本章开始回答这个问题.深度信念网络是一种非常先进的机器学习形式,其意义正在迅速演变.作为一名机器学习开发人员,对这个概念有一定的了解是 ...

  9. 1.为什么会有Servlet?它解决了什么问题?

    1. 为什么会出现Servlet? 因为web服务器(tomcat.Weblogic.iis.apache)没有处理动态资源请求的能力(即该请求需要计算),只能处理静态资源的请求(如果浏览器请求某个h ...

  10. 十代雅阁广东车友群,雅阁广州车友群,深圳雅阁车友群,雅阁微信群、雅阁车友群、十代雅阁交流微信QQ群

    最近一直在关注第十代雅阁,不论是普通汽油版本还是油电混动版本都很不错,在网上看到很多评测文章和视频 后续都会整理发布到微信群中. 由于论坛发帖,博客发文都不是很方便,为了及时沟通,先创建了微信群,方便 ...