Archive for July, 2011

Image a Hard Disk Using FTK Imager (How-To)

Although it is not ideal, sometimes you need to acquire a forensic disk image from a live system. This is often the case when you cannot take the host out of service for a dead disk acquisition. There are also times when you need to rely on IT or security personnel to acquire a disk image, despite the fact that they are not trained in modern forensic practices.

To guide you through an accepted method of acquiring a disk image from a live host, I have published a detailed ‘How-To’ titled “Image a Disk Using FTK Imager.” FTK Imager is AccessData’s free imaging tool that is used around the world by forensic experts. If you follow the detailed steps in this document, you can correctly acquire a disk image that can be sent securely to a forensic examiner for analysis.