When it comes to booting up evidence files acquired from target disk, you got two options. One is VFC and the other is Live View. Both of them could create snapshots out of images such as EWF(E01). So forensic examiners could conduct a live forensic as if suspect's computer/laptop is in front of them.

Some may ask if there is another option to bootup evidence files. And the answer is "yes". I will show you the combination of FTK Imager and Oracle VirtualBox. First we have to mount evidence files with Admin privileges.

Now we know these evidence files mounted as "PhysicalDrive1". So we have to create vmdk out of this physical drive. Look! It also requires Admin Privileges to run this command prompt.

If everything is fine and the result shows that we successfully create vmdk files from PhysicalDrive1.

Next we have to create a Virtual Machine by choosing the existing vmdk files we created as above.

Finally we could bootup suspect's computer/laptop and conduct a live forensics.

Another option to bootup evidence files的更多相关文章

  1. LiveView 0.8 RC1 could boot evidence files acquired from Win10 64bit

    The latest Windows 10 will be more and more popular in the very near future. Now let's take a look i ...

  2. EnCase missed some usb activities in the evidence files

    My friend is a developer and her colleague May was suspected of stealing the source code of an impor ...

  3. RH033读书笔记(12)-Lab 13 Finding and Processing Files

    Sequence 1: Using find Scenario: Log in as user student. Devise and execute a find command that prod ...

  4. Git操作删除 untracked files

    最近使用git 管理项目的时候,编译过程中出现了很多中间文件,今天发现使用 git clean 命令可以很方便进行清除: # 删除 untracked files git clean -f # 连 u ...

  5. [已解决] 含gorm、sqlite3包的go程序构建失败 C:\Program Files\Go\pkg\tool\windows_amd64\link.exe: running gcc failed: exit status 1

    gorm官方文档教程实例,构建出现错误.C:\Program Files\Go\pkg\tool\windows_amd64\link.exe: running gcc failed: exit st ...

  6. How to bypass Win10 logon password?

    Usually we will use LiveView or VFC to "boot up" the evidence files acquired from suspect' ...

  7. Fedora 22中的RPM软件包管理工具

    Introduction The RPM Package Manager (RPM) is an open packaging system that runs on Fedora as well a ...

  8. [No000098]SVN学习笔记5-分支,合并,属性,补丁,锁,分支图

    行结束符和空白选项 在项目的生命周期中,有时可能会将行结束符由 CRLF 改为 LF,或者修改一段代码的缩进.不幸的是这样将会使大量的代码行被标记为已修改,尽管代码本身并没有被修改.这里列出的选项将会 ...

  9. centos 7.0 编译安装php 7.0.3

    php下载页面 http://cn2.php.net/downloads.php 7.0.3多地区下载页面 http://cn2.php.net/get/php-7.0.3.tar.gz/from/a ...

随机推荐

  1. SQL中的LIKE语句的用法

    SQL中的LIKE语句的用法 内容 在SQL结构化查询语言中,LIKE语句有着至关重要的作用.LIKE语句的语法格式是:select * from 表名 where 字段名 like 对应值(子串), ...

  2. Unity3D热更新之LuaFramework篇[06]--Lua中是怎么实现脚本生命周期的

    前言 用c#开发的时候,新建的脚本都默认继承自Monobehaviour, 因此脚本才有了自己的生命周期函数,如Awake,Start, Update, OnDestroy等. 在相应的方法中实现游戏 ...

  3. BZOJ 2152:聪聪可可(树上点分治)

    题目链接 题意 中文题意. 思路 和上一题类似,只不过cal()函数需要发生变化. 题目中要求是3的倍数,那么可以想到 (a + b) % 3 == 0 和 (a % 3 + b % 3) % 3 = ...

  4. LightGBM,面试会问到的都在这了(附代码)!

    1. LightGBM是什么东东 不久前微软DMTK(分布式机器学习工具包)团队在GitHub上开源了性能超越其他boosting工具的LightGBM,在三天之内GitHub上被star了1000次 ...

  5. 基于C#的机器学习--我应该接受这份工作吗-使用决策树

    决策树 要使决策树完整而有效,它必须包含所有的可能性.事件序列也必须提供,并且是互斥的,这意味着如果一个事件发生,另一个就不能发生. 决策树是监督机器学习的一种形式,因为我们必须解释输入和输出应该是什 ...

  6. Innovus教程 - Flow系列 - MMMC分析环境的配置概述(理论+实践+命令)

    本文转自:自己的微信公众号<集成电路设计及EDA教程> <Innovus教程 - Flow系列 - MMMC分析环境的配置概述(理论+实践+命令)>   轻轻走过,悄悄看过,无 ...

  7. 两个域名同时访问一个tomcat下的两个项目

    两个域名,分别映射一个TOMCAT底下,两个应用. 分三个步骤完成. 1.域名与IP的解析,此步骤在万网等机构完成. 2.APACHE的httpd.conf的配置 <VirtualHost *: ...

  8. codeblocks出现'to_string' was not declared in this scope 的问题,用g++11编译环境

    在将数字转化为字符串时使用to_string()竟然出现了'to_string' was not declared in this scope,我头文件用的万能头文件肯定没问题,而这个函数在其他的CB ...

  9. ASP.NET CORE配置用户密码验证

    在 class Startup 中配置 public void ConfigureServices(IServiceCollection services) { services.AddDbConte ...

  10. 哈夫曼编码与解码的C++实现:建立哈夫曼树、进行哈夫曼编码与解码

    最近完成了数据结构课程设计,被分到的题目是<哈夫曼编码和解码>,现在在这篇博文里分享一下自己的成果. 我在设计时,在网上参考了很多老师和前辈的算法和代码,向他们表示感谢!他们的成果给了我很 ...