Join Jungwoo Ryoo for an in-depth discussion in this video, Live acquisition with FTK Imager, part of Learning Computer Forensics (2014).
In another lesson of this course, we talk about using FTK as a static acquisition tool. FTK Imager can also be used as a live acquisition tool, and in this lesson, we'll use FTK Imager to conduct our live acquisition. Let's start FTK Imager. Choose Run as Administrator. Go to File, go to Capture Memory. You have to say what your destination path is next. Click on Browse. Let's make the destination folder our desktop. Choose Desktop. Click on OK. And then click on Capture Memory.
This computer has about 19 gigabytes of memory, as you can see here, and it will take some time before we can capture the entire memory. Finally, the memory capturing process has been finished successfully. Once this process is over, just click on Close. You can see the result of your live acquisition. In this case, the file is named memory dump.mem. To analyze the result of your live acquisition, you need a separate software program. In this case you can use a professional solution such as FTK by AccessData. You can also use an open source solution such as Volatility we cover in…
- Understanding computer forensics
- Understanding partitioning
- Using a hex editor
- Preparing a target drive
- Acquiring data
- Ensuring data integrity with hashing
- Indexing and searching
- Generating a report
Skill Level Intermediate
Q: Which operating systems support built-in write blocking?
Q: Are there other ways to access deleted files in the usbimage.001 file?
1. Understanding Computer Forensics
2. Preparing for a Computer Forensics Investigation
3. Preserving Data
4. Acquiring Data
5. Analyzing Data
Next steps (1m 1s)