±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 0 Overall: 35868
New Yesterday: 0 Visitors: 158

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Videos

±Latest Jobs

IBM AS400 - Forensic Acquisition Questions

Computer forensics discussion. Please ensure that your post is not better suited to one of the forums below (if it is, please post it there instead!)
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
 
  

tharr4000
Newbie
 

IBM AS400 - Forensic Acquisition Questions

Post Posted: Aug 12, 19 15:40

Looking to run a full disk acquisition of several IBM AS400 systems running the OS/400 operating system. Has anyone accomplished this?

I know that the system itself won't run the normal 3rd party tools like FTK Imager... does the OS have some native 'dd' equivalent that I'm not finding?

My other thought would be to try and boot to some Linux distro and capture that way, but will this even do any good with the proprietary file system the OS uses? Would I be able to possibly virtualize the server later to run further analysis?  
 
  

jaclaz
Senior Member
 

Re: IBM AS400 - Forensic Acquisition Questions

Post Posted: Aug 13, 19 07:01

You can always take the disks out and image them on *any* machine through a writeblocker with a suitable interface.

But what will you do with such images?

I mean you will need anyway the assistance of an AS/400 expert, to access and interpret the contents of these images, won't you?

And no, I don't think that there are AS/400 emulators, let alone tested ones for forensic scopes. Sad

jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 
 

Page 1 of 1