Has anyone had a file so big with FTK it spanned several DVD's in size? If so, what software did you use to span the disks to give to an investigator?
My first thought would be to put the file on a hard drive just large enough to hold it. Hash it, document it and maybe even hold another copy of everything on another hard drive.
Hard drives are pretty cheap, it's not always worth the time to split a large file, copy it to multiple DVDs and then hope the person you give it to knows how to put it together again.
Another possibility is Blu-ray data disks. Single layer will get you 25GB, dual layer is 50GB. Of course you need to add the cost of the drive. I haven't used this so I don't know anything about write speed for the drives.
TonyC
I second the idea of an external hard drive. You get get up to a 1 TB USB 3.0 external hard drive for around $80. They're already paying around $300 per hour - an extra $80 for them to pony up for the actual data should be a near-negligible cost.
Another possibility is Blu-ray data disks. Single layer will get you 25GB, dual layer is 50GB. Of course you need to add the cost of the drive. I haven't used this so I don't know anything about write speed for the drives.
TonyC
This was my thought but the problem is many of the investigators do not have Blue-ray. Although the hard drive is a good idea, it is not an alternative, It has to work with DVD's.
Another possibility is Blu-ray data disks. Single layer will get you 25GB, dual layer is 50GB. Of course you need to add the cost of the drive. I haven't used this so I don't know anything about write speed for the drives.
TonyC
This was my thought but the problem is many of the investigators do not have Blue-ray. Although the hard drive is a good idea, it is not an alternative, It has to work with DVD's.
Use 7-Zip to Split to volumes, bytes 4480M - DVD. Then copy each volume onto individual DVD disks and have the investigator extract it onto the his/her own hard drive
Looks like my answer Marcyu, I'll give it a try.
Thanks.
First of all, are you saying the forensic image file is large? Or is it derivative evidence?
When you image a hard drive in FTK imager, or in Encase for that matter, you set the output file size to whatever you need. For it to fit on DVDs, most people split the image into 2 GB segments. That way you can put multiple image files on each DVD.
If you have EnCase, you can simply open the image file in a new case and the reacquire it to change the output file size for the images to break it into segments.
I am not sure if FTK imager will let you do that, and I am not in a place where I can check it.
Otherwise Pensacola's suggestion of using 7-zip to span will work, but you risk corrupted zip files in the process, so each would need to be tested to make sure you can extract them.
@marcyu, @LarryDaniel
7z worked as I was able to span the evidence file (final report) over two DVD's. One thing was to make it into a zip file instead of the defaulf of 7z. For whatever reason the zip worked better and was easier for non-tech persons to extract. The only issue was it splits the file and with one "unzip" only "unzips" the files in the one container, even if there are multiple zip containers. What one would need to do is extract each file and then inport those extracted files into one main folder so FTK can reference it in its normal reading enviroment. In any case 7z solved the problem, thanks for the assistance!!