Notifications
Clear all

uefi

6 Posts
6 Users
0 Likes
622 Views
 dega
(@dega)
Posts: 261
Reputable Member
Topic starter
 

dear all,
I have got to do the copy of two laptop. Both have the drive soldered on the main board.
MY idea is to boot the pc using caine. Both has windows 8.1 so I can't choose boot options.

Anybody can help me?
thanks

 
Posted : 08/03/2017 9:18 pm
JimC
 JimC
(@jimc)
Posts: 86
Estimable Member
 

You could also boot them from DVD or USB using Windows PE which will give you a native Windows environment. This is available in the more recent Windows installation disks or by downloading the Windows Assessment and Deployment Kit.

Please beware that WinPE will mount local disks and probably make changes. If you want a more "forensic" safe experience you could try the related WinFE. See http//www.forensicswiki.org/wiki/WinFE

Jim
www.binarymarkup.com

 
Posted : 08/03/2017 11:32 pm
JaredDM
(@jareddm)
Posts: 118
Estimable Member
 

I much prefer to use a Linux live build such as Knoppix or Sparky Linux. Then you can just ddrescue the eMMC memory to an image file or external HDD.

Mind you, I'm not a forensics guy so I don't worry about things like checksums too much. But, I'm sure you can find a way to do that in Linux as well.

 
Posted : 09/03/2017 3:38 am
bytethese
(@bytethese)
Posts: 12
Active Member
 

What about using a tool like Paladin (via CD or bootable flash drive)? It should be able to mount the volume read-only and image to an attached external drive.

 
Posted : 10/03/2017 2:36 am
(@mobileforensicswales)
Posts: 274
Reputable Member
 

What version of windows 32 64 or that horrible arm version?

 
Posted : 10/03/2017 3:03 pm
(@jjh2320)
Posts: 21
Eminent Member
 

Hi,

In reference to JimC's comment regarding the automatic mounting of local disks. This is avoidable by making changes to the registry on the PE disk prior to using it connected tot he evidential media, which will disable the automatic mounting of disks.

Just something worth bearing in mind.

Thanks,

J.

 
Posted : 10/03/2017 10:09 pm
Share: