DIGITAL FORENSICS:FEX Image advanced forensics
After installing the FEX Image
we can start by creating an image and to do so, we have to go to the source >select
it will ask you the source to acquire image.
After selecting the create disk image it will ask you the evidence type whether i.e. Device, etc.
and once you have selected the evidence type then press OK the next button to move further in the process.
After this, it will ask you for the destination folder i.e. where you want your image to be saved along with its name and path, format, checksum and other evidence related details. Once you fill up all the details, click on the next button.
And now the process to create the image will start and it will simultaneously inform you about the elapsed time, estimated time left, image source, destination and status.
After the progress bar completes and status shows Image created successfully then it means our forensic image is created successfully .
And so, after the creation of the image you can go to the destination folder and verify the image as shown in the picture below :
First Download autopsy from here and install in your pc. Click ‘Create a New Case’ option.
A new page will open. Enter the details in ‘Case Name’ and ‘Base Directory’ . Then click on next to proceed to next step.
Here in next step you have to enter the case number and Examiner details and click on finish to proceed to next step.
A new window will open .It will ask for add data source in Step 1. Select source type to add & browse the file Path (Disk Image and click on NEXT Option to proceed further.
In Step . Configure ingest Modules I have chosen all the modules as I am looking for complete information on evidence device or disk or system etc. and click next to proceed further.
After Process completion, it will show Forensic Investigation Report. Now click on Devices Attached option, it will show the list of attached device with system.
ที่มา:
http://www.forensicexplorer.com/
หมายเหตุ:เนื้อหาในเว็บไซต์นี้มีขึ้นเพื่อวัตถุประสงค์ในการให้ข้อมูลและเพื่อการศึกษาเท่านั้น
* หากมีข้อมูลข้อผิดพลาดประการใด ขออภัยมา ณ ที่นี้ด้วย รบกวนแจ้ง Admin เพื่อแก้ไขต่อไป
ขอบคุณครับ
#WindowsForensic #ComputerForensics #dfir #forensics #digitalforensics #computerforensic #investigation #cybercrime #fraud
No comments:
Post a Comment