Forensic Collection...
 
Notifications
Clear all

Forensic Collection in Japan

6 Posts
3 Users
0 Likes
574 Views
UnallocatedClusters
(@unallocatedclusters)
Posts: 577
Honorable Member
Topic starter
 

Hello,

Would anyone be willing to share their experiences with performing forensic collections in Japan from a technical standpoint?

Any unanticipated hiccups such as FTK imager not running on Windows PCs with a Japanese interface?

 
Posted : 19/06/2015 1:21 am
(@unicron)
Posts: 36
Eminent Member
 

How are you proposing to do the collections, 'live' or the more traditional dead box route?

From your question around FTK I'm going to assume you will be doing live acquisitions, in which case your biggest obstacle is likely to be the native keyboard layout of the host machine. Because the Japanese language uses a number of different character sets, native Japanese keyboards have to have a method of switching between the different types with is handled by the OS (there's usually a special key dedicated to this).

I would recommend either taking a 'standard' USB QWERTY keyboard or install Japanese language input on a Windows machine to see how it works. Also be aware that the backslash is not used as a directory separator, and you'll see the Yen (Â¥) symbol instead.

From a technical side of things I've never had any problems acquiring Windows systems (either live or dead) as the underlying OS is the same, it's just the input layer on top that changes things. Any error messages thrown up by the OS will (obviously) be in Japanese so if you're not familiar with the language you may need some local assistance!

HTH.

 
Posted : 19/06/2015 2:22 pm
UnallocatedClusters
(@unallocatedclusters)
Posts: 577
Honorable Member
Topic starter
 

Unicron,

Thanks for the advice. As it turns out, I can read, write and speak Japanese fluently, so reading menus will not be a problem. I will bring my own USB keyboard as a backup - great heads up.

The only potential live collection aspect of my project will be personal and shared directories. I will convert one of my forensic laptops this weekend to Japanese language interface as I am interested to see how FTK Imager's menus will appear (will all menus and options such as "create image" be in Japanese or English)?

One of my all time favorite tools is DEFT (deftlinux.com), which obviously I would not use for live collections, but I am stuck trying to figure out how to get DEFT, or any other Linux forensic distribution, to appear in Japanese language.

I understand that if I am collecting a laptop containing a Japanese version of Windows booted to DEFT, then I do not need a Japanese interface in DEFT, but I still want DEFT (or CAINE, or Paladin) in Japanese for other purposes (training of Japanese professionals in the use of DEFT).

Within the live USB DEFT drives I use (purchased from osdisc.com), there are language options that do not include Japanese. There is a keyboard layout option for Japanese within DEFT, but I want all the menus to appear in Japanese.

I believe the DEFT distros are super locked down with no ability for someone like me to install a new language pack. Any ideas? I have donated regularly to the DEFT folks each time I use the tool on a for-pay project, but maybe not enough to pay for a Japanese language version to be created.

 
Posted : 19/06/2015 9:51 pm
(@unicron)
Posts: 36
Eminent Member
 

I believe the DEFT distros are super locked down with no ability for someone like me to install a new language pack. Any ideas? I have donated regularly to the DEFT folks each time I use the tool on a for-pay project, but maybe not enough to pay for a Japanese language version to be created.

You've got me on this one. My Linux knowledge doesn't extend too far, but I'm going to guess that it involves building a new kernel with either the ability to install language packs, or native Japanese OS language pre-installed. Maybe the nice folks a DEFT (or some of the more Linux-savvy members here) could give you some pointers?

Hopefully your FTK experiments were successful, from memory you should see the English menu options but it's been a while…

 
Posted : 22/06/2015 1:57 pm
(@belkasoft)
Posts: 169
Estimable Member
 

Hello,

Would anyone be willing to share their experiences with performing forensic collections in Japan from a technical standpoint?

Any unanticipated hiccups such as FTK imager not running on Windows PCs with a Japanese interface?

Please contact us at support@belkasoft.com and we will connect you with Japanese investigators which might help.

 
Posted : 24/06/2015 2:14 am
UnallocatedClusters
(@unallocatedclusters)
Posts: 577
Honorable Member
Topic starter
 

Hello all,

Quick update - I am back in the States after a successful collection in Japan.

FTK Imager Lite did the trick fine.

Most of the FTK Imager menu items appeared in English even when the software was running on a Japanese Windows laptop. The menu buttons for "Next" and "Cancel" appeared in Japanese. This was one of my original questions or concerns - it appears that some menu items in software is hard coded in (such as the FTK Imager menu items to choose "physical", "logical", "image file", or "contents of a folder"), but other menu items are taken directly from the operating system, which are thus displayed in the operating system's pre-set language.

One interesting note for those who might venture to Japan in the future

Instead of slashes "\" or "\\", Japanese Windows computer systems use the Yen symbol "Â¥".

So, an example would be C¥Users¥UserName or ¥¥FileServerName¥HomeDirectories¥SubFolderName

 
Posted : 16/07/2015 2:15 am
Share: