Hello there again,
Trying to figure the best way to acquire remote image from an EC2 instance.
Here is how I took/trying to take an image of an EC2 EBS drive
1. Using EnCase Remote Recovery (trial for 14 days)
1.a on Windows, I connected via Remote Desktop, copied the servlet and started it (it basically to allow the client on local machine to connect). Now I can use the client on my local machine to explore and acquire an image of the EC2 instance. This one worked.
1.b on Linux, I tried the same thing. However, the servlet is not working for some reason.
2. FTK Lite (this version does not require installation)
2.a on Windows, I connected via Remote Desktop while sharing one of my local disks where FTK Lite resides. On the remote machine I navigate to my local disk, run FTK Lite and start the acquisition. Since I'm sharing my local disk I can instruct FTK Lite to store the image on it. However, around 10% FTK Lite stops sending any data. I don't know if it's a problem with FTK itself or Remote Desktop.
2.b I don't know how to do the same thing on Linux.
3. I'll try the snapshot feature of EC2.
What do you think about these methods?
How can I use FTK lite in Linux instance (I need the image to be stored on a different instance or my local machine).
Do you know any other method to acquire an image from an EC2 instance?
Thank you.