Forums
Main Category
General (Technical,...
Acquisition Engines...
 
Notifications
Clear all

Acquisition Engines - Pros and Cons

 
General (Technical, Procedural, Software, Hardware etc.)
Last Post by LarryDaniel 16 years ago
4 Posts
3 Users
0 Reactions
791 Views
RSS
 farmerdude
(@farmerdude)
Estimable Member
Joined: 20 years ago
Posts: 242
Topic starter 25/02/2009 8:39 pm  

Hello all!

I'm hoping to start a dialog revolving around acquisition engines and their real versus perceived pros and cons. To narrow the focus, this would be for acquiring hard drives only. And even better, if we flame one another using the PM feature or direct e-mails, not here in this thread on Jamie's forum. I believe I read recently he's reached his limit on the pissing upon one another for the time being. )

So, no matter the operating system you use, what acquisition engine or engines do you use to acquire hard drives and why?

For example, someone may say "I use supernaut in Windows XP to acquire hard drives because it rocks and I want to touch the sun." Someone else may say "I use SMART in Linux to acquire hard drives because it has a simple GUI and I can acquire and clone simultaneously." You get the idea.

And for the time being resist the urge to be human and look too deep into it. 😉 Keep it simple and face value. Generally speaking, how do I acquire a hard drive (not the process, but the acquisition engine utilized) and why do I use this tool or these tools to acquire hard drives?

Batter up!

farmerdude

www.forensicbootcd.com

www.onlineforensictraining.com


   
Quote
 LarryDaniel
(@larrydaniel)
Reputable Member
Joined: 17 years ago
Posts: 229
27/02/2009 10:52 am  

I use different tools based on the circumstances of the acquisition. Sometimes I use Linen, sometimes I use FTK Imager, other times I use Encase.

Sometimes I use a pure hardware solution.

There are many different tools that suit different situations.


   
ReplyQuote
Wardy
 Wardy
(@wardy)
Estimable Member
Joined: 20 years ago
Posts: 149
27/02/2009 3:13 pm  

FarmerDude,

During my days of acquiring hard disks, I tended to use FTK Imager more than any other.

The reason was actually simple, it was fast, reliable and the results were easily verified.

Troublesome devices were dealt with by using either SMART or later on in my career Adepto on the Helix disk. I particularly liked the ability of SMART to split the hashing upon hitting bad area's on the disk, such that I could verify the hashes on the good parts of the disk.

Adepto - It made my life easier and took the fear of "what if I write to the wrong drive" out of using DD.

I have to say it has been well over a year since I last imaged a large drive in anger, so things may have changed.


   
ReplyQuote
 LarryDaniel
(@larrydaniel)
Reputable Member
Joined: 17 years ago
Posts: 229
27/02/2009 5:01 pm  

Dang it, I forgot to flame farmerdude. Oh well…


   
ReplyQuote
Forum Jump:
  Previous Topic
Next Topic  
Share: