First let me say I know NOTHING about forensic tools or the process.
A few months ago the govt seized my companies computers. I gave them USB drives so that they could provide me with a copy of the data on the server. They used FTK Imager to create the files.
I now need to selectively restore some files within the image files.
Is there a GUI program out there that will let me view the contents and select which files to restore?
I need to get this done ASAP because it's delaying my 2007 tax filing.
Any help would be GREATLY APPRECIATED.
FTK Imager Lite is available from AccessData and will allow you to view (and recover) any of the typical image formats. Additionally there is a program called MountImage Pro that will allow you to mount the forensic image as a drive letter.
FTK Imager Lite is available from AccessData and will allow you to view (and recover) any of the typical image formats. Additionally there is a program called MountImage Pro that will allow you to mount the forensic image as a drive letter.
Thanks, I think I tried MountImage Pro. When I pointed it to the USB drive it told me it couldnt find an image to mount. I'll redownload the software and try it again.
MountImage Pro doesnt see the files on the drive. This is a sample file name from the disk njrcfl022929_ddimage.001
Do I need to convert the .001 files to a "dd" extension? How is this done.
You may need to convert to an EnCase image, but I do not have MIP with me to say for sure. I was thinking that if you select all files and select the .001 file it would mount the image.
You may need to convert to an EnCase image, but I do not have MIP with me to say for sure. I was thinking that if you select all files and select the .001 file it would mount the image.
Sounds like I need to convert it to something but MIP won't accept .001, .002….. as valid extensions. They suggested I create a flat file listing all the files then save that flat file as a RAW file. MIP found this file but then gave me all kinds of errors.
I am WORRIED about not being able to restore these files. I am certain that I will get nowhere if I call the govt and ask them for help extracting the files.
What part of NY are you in? You'll need to concatenate the .00x files in to one file. You can do this a number of ways. Perhaps the simplest way is to do the following
Download unxutils from http//unxutils.sourceforge.net/
Make a copy of the image files - copy them in to a new directory
run cat against them as follows
cat njrcfl022929_ddimage.* >> njrcfl022929_ddimage.dd
*make sure you aren't copying the .txt or .csv files*
What part of NY are you in? You'll need to concatenate the .00x files in to one file. You can do this a number of ways. Perhaps the simplest way is to do the following
Download unxutils from http//unxutils.sourceforge.net/
Make a copy of the image files - copy them in to a new directory
run cat against them as follows
cat njrcfl022929_ddimage.* >> njrcfl022929_ddimage.dd
*make sure you aren't copying the .txt or .csv files*
My office is in the Bronx.
I assume I would run the cat against each of the 200+ files. I could create a little batch file to do this.
Once this is done, what tool am I using to selectively restore files from the images.
What part of NY are you in? You'll need to concatenate the .00x files in to one file. You can do this a number of ways. Perhaps the simplest way is to do the following
Download unxutils from http//unxutils.sourceforge.net/
Make a copy of the image files - copy them in to a new directory
run cat against them as follows
cat njrcfl022929_ddimage.* >> njrcfl022929_ddimage.dd
*make sure you aren't copying the .txt or .csv files*
I tried downloading the unxutils but got an error message stating that I didnt have permission to the file.
Go with Bitheads first suggestion of using FTK Imager. You can open the files by selecting the first .001 under the "Open Image" option. Then navigate to the files you want and export them. Should work fine with no conversion necessary.