EnCase v5 and FTK and VMWare

cgpa1
(@cgpa1)
Posts: 17
Active Member
Topic starter
 

Has anyone any experience with running EnCase and FTK in a VMWare environment? I have installed EnCase and just have the problems with linking the dongles, which I am about to try and do.

Why, you may ask? Well, to cut a long story short: 17 PCs in a lab. At the moment the PCs have been ghosted from one PC that had the software installed on it, however there are major issues with EnCase and FTK with the reliability and usability of the software. Multiple students use the machines, so any changes they make are reflected in the software for the next user, and so on and so on. Some options appear in both EnCase and FTK for one user and when the next user comes along they are not there.

I am looking at VMWare as a possible solution to this, as each person will have their own virtual PC with the software on and they can do what they like to it (within reason) without affecting the next user.

State of play at the moment is I have installed EnCase and just have the problems with linking the dongles, which I am about to try and do.

Any suggestions and thoughts most welcome.

Philip

 
Posted : 15/11/2006 9:36 pm
bshavers
(@bshavers)
Posts: 211
Estimable Member
 

Your host machine and guest machine will be fighting over any dongles or USB drives you attach to your physical box. If you make your vm run full screen, it should grab the dongle and keep it attached to that vm. It seems to run a bit faster at full screen as well, but that could be wishful thinking on my part…

 
Posted : 16/11/2006 1:09 am
(@cosimo)
Posts: 20
Eminent Member
 

Hello,

You might try to attach the dongle to your machine, and then select VM -> Removable Devices -> USB Devices from the VMWare interface. This will open a pull-down menu listing all the USB devices attached to your machine. Then select the USB dongle, which should be identified by a (hopefully) meaningful string used by the dongle to identify itself to the O.S.

 
Posted : 16/11/2006 3:04 am
cgpa1
(@cgpa1)
Posts: 17
Active Member
Topic starter
 

Thanks for the suggestions, I managed to get the AccessData dongle to work. VMWare creates a 2 Port Hub; I have a 512MB thumb drive in one and the license dongle in the other. However, on my first test, when I run FTKi and FTK I go through the procedure of adding evidence: I choose logical drive and then the thumb drive from the drop down. FTK crashes at this point, and FTKi crashes as soon as I get to the end and press the Start button.

Anyone any ideas of what to look for? I suspect it is the VMWare interfacing with the USB Hub, but FTK would image the contents of a folder from the USB drive without any problems.

Thanks

Philip

 
Posted : 17/11/2006 8:35 pm
(@jimmyw)
Posts: 64
Trusted Member
 

Your host machine and guest machine will be fighting over any dongles or USB drives you attach to your physical box. . . .

In my tests, this is quite correct with respect to FTK. In the VM, you can grab the dongle and install FTK's drivers. If your aim, however, is to run two instances of FTK products at once, I have no answer. Making the dongle co-exist in real and virtual worlds seems to be the issue. I imagine that buying a second dongle would work. ;) A number of users have suggested that FTK permit multiple instances, which still may not result in an ability to share a dongle in the host and guest.

 
Posted : 27/11/2006 8:29 am
(@member)
Posts: 22
Eminent Member
 

I've run FTK & EnCase4 without any problem in Microsoft virtual machine @ several instances (O

 
Posted : 27/11/2006 9:48 pm
(@jimmyw)
Posts: 64
Trusted Member
 

I've run FTK & EnCase4 without any problem in Microsoft virtual machine @ several instances (O

I should have made it clear that I was using VMware. When you say several instances, am I correct in assuming that you were running one instance of FTK in the host and one instance in one or more guests?

 
Posted : 27/11/2006 10:22 pm
(@member)
Posts: 22
Eminent Member
 

Yes.
I thought your primary focus was getting the job done for 17 PCs in a lab for students regardless of the tools… for which you can do very little to fix the compatibility problem, if any. Both software packages are free anyway.

My bad (O

Your host machine and guest machine will be fighting over any dongles or USB drives you attach to your physical box.

Imaging the USB, copying it in a virtual OS and running a virtual FS would be less troublesome, I suppose!

 
Posted : 28/11/2006 12:53 am
cgpa1
(@cgpa1)
Posts: 17
Active Member
Topic starter
 

No, my intention is not to run FTK, FTKi or EnCase on a VMWare machine as well as the PC itself that is hosting the VMWare. My intention is to simply allow the students to use the various forensic software via a VMWare machine with the ability to take snapshots and have their own 'setup' of the software.

 
Posted : 28/11/2006 3:32 am
iruiper
(@iruiper)
Posts: 145
Estimable Member
 

I don't think that is possible (anyone correct me in case I'm wrong), but although you take a snapshot of a running system with these tools, you will need a dongle for each student.

 
Posted : 28/11/2006 4:07 pm