Hi. Can anyone please help?
I've been using FTK for the past 2 weeks now. I imaged small files of size 2 to 4GB, and live search and index search work fine.
Now I have imaged an 80GB disk and the image is split into 20GB each. Live search does not proceed and index search does not work. Please let me know the reason.
If any further details are required, please ask me!
Regards,
Sudha
Greetings,
a) How are they "not working"? What is, or is not, happening?
b) Have you tried the AccessData forums?
c) Is this a licensed copy? FTK without a license only handles 5,000 files, or some similar limit.
-David
Hi.
I'm answering one by one.
a) FTK finished the processing of the image. Then I started with the Live search, which also started… but the progress bar remains the same even after 2 days (it says "in progress…").
Once I got irritated and stopped the data processing, and then I saw the search results. It says "0 hits in 0 files", but the contents that I'm looking for on the hard disk are present for sure.
b) I have not tried the AccessData forums; I will register very soon…
c) Yes, this is a licensed copy of FTK 2.0.
And please add further clarity on FTK.
If a search is running… can't I do anything else? Like view the Graphics tab? If I click on anything else the entire process just hangs up…
Sudha ?
2.0 is very resource intensive. If you do not have enough RAM, processing power, etc. things can get slow very quickly.
Have you upgraded to 2.2.1?
Greetings,
Aye, *which* version of FTK comes into play. And where did you install the Oracle backend? And did you confirm that the worker and database are still talking to each other?
-David
I've noticed a big improvement with 2.2.1. If you don't have that, I would suggest starting there and then seeing if that's the problem. Straight 2.0 was a dog.
Hi.
I'm using FTK 2.0. I still have to upgrade my machine to 2.2.
The machine has 3GB RAM and it's a 64-bit Athlon…
And I have noticed that Oracle and ftk_worker communicate a lot.
Oracle is on the D drive and the D drive has a huge amount of space… but the C drive has only 20 GB and there is only 1 GB of free space left on it…
The reason for it:
I have created 10 cases as of now… and all these cases take space on the C drive… I will have to back up all these and delete all these cases on the C drive to get free space… and please note that I'm not able to take backups of cases which occupy more than 5GB of space.
I think FTK can't proceed if there is no space on the C drive (please comment on this).
Please suggest how I can store all this case information directly on the D drive… Or let me know if re-installing is the final option…
I should get this working…
Thanks in advance,
Sudha
Greetings,
FTK 2.0 is essentially unusable. Seriously. For all intents and purposes, everything prior to 2.2 was a beta release.
Upgrade to 2.2 and then try - you'll be a lot happier.
-David
Thanks a lot for all the inputs and suggestions…
One more query… Will FTK automatically take all the existing cases on the machine and migrate/upgrade them to FTK 2.2? Or do I have to do it in some particular way? Please let me know.
Thanks in advance,
Sudha
You shouldn't have your case files on your C drive. Ideally, you want a separate drive for each of:
Operating System
Case Files
Oracle DB
Image file
Ideally, your Oracle DB is on a RAID to improve performance, and also ideally you put your Windows swap file on a separate drive.
Also, 3GB of RAM is really quite low. Consider doubling that for starters.
And of course, update to FTK2.2x. Generally with forensics, you want to use the latest release in a given series. Note I didn't say the latest version. I still use FTK 1 as my main tool until I'm 100% happy with FTK2.