I have a laptop without CD drive, and I need to boot it and acquire image. I have booted into dos environment from a USB flash drive but can not acquire image yet, because encase boot cd or ftk imager is not usable in this case. I can't hook an external CD either.
The only solution seems to have a tool that works in dos mode but not requiring CD drive.
Is there a tool like this you know?
Thanks.
Has It a USB ? if so a USB CD Drive
Or Remove the HD from the Laptop
It has USB port, however it won't boot from an external CD-drive.
You could run Helix off the USB, if you search around you'll find instructions how to run it from a USB drive rather than the CD. You can then acquire to another external USB drive
Why not set up an external drive with two partitions? One with a Helix install and the other for the data you are going to collect?
Although if you can boot into DOS, you could also try getting the files off the older EnCase Boot disks. You would have to download version 5.x for that. Just copy the files you need to a USB drive and you should be set.
Tom
I have a laptop without CD drive, and I need to boot it and acquire image. I have booted into dos environment from a USB flash drive but can not acquire image yet, because encase boot cd or ftk imager is not usable in this case.
Why isn't EnCase Boot CD useable? You should be able to do a network acquiry – or don't you have a network or the appropriate network drivers either?
If you have a network, you should be able boot Helix (from USB), dd the source drive, and pipe output over any kind of network Helix allows you to set up – and that includes serial connections, unless I'm mistaken. All the usual precautions with checksums, of course.
In general, though, I'd try to extract the laptop drive, and connect it to a standard acquiry environment … or even connect to another laptop that allows more choice of external units.
Why can't you boot the system, log in, and run FTK Imager from a USB ext HDD?
I managed to boot it with helix on a usb flash drive. And now I want to acquire image, however, there seems to be two tools to acquire image. one is linen, which suddenly disappears during the imaging, and the other is adepto. Because linex disappears, I tried adepto. however its interface is so big and you cant see the buttons because the menus can not fit in one screen.
Do you know any other tool inside helix?
Do you know any other tool inside helix?
dd, dcfldd…
(incidentally, should this thread be in the Mobile Forensics forum?)
Tom
Why can't you just pull the hard drive and acquire it that way?