Hi everybody,
I am working on a case, where i am using FTK ver 1.7 for a full in-depth aquisition.
(every possible option except SHA1 )
The evidence 2.5Hard drive 40GB (32GB Free space)
My Notebook Toshiba Satellite M55-S1001
Processor 1.60 Ghz
Memory 704 MB of Ram
The aquisition took over 9 hours!!!!!!!!!
Why???? What should i do to speed up this process
Thanks
More information is needed before anyone can begin to provide useful assistance. I assume you mean ftk imager…not ftk itself.
Acquired over what connection?
To what device?
evidence drive - IDE? SATA?
Does your toshiba run USB 2.0? Does the writeblocker you were using?
Also I would throw some ram in that baby, you can never have enough ram.
Sorry for the lack of inormation…
I didnt use FTK imager… I used FTK.
I had a "Tableau IDE bridge" write blocker connected from one side to the laptop over a USB cable and from the other side it s connected to the hard drive through IDE hard drive adaptor.
It sounds like you are talking about the time to build the case including indexing, etc. I don't think FTK itself creates images. You may have just processed everything without creating an image file. Eleven hours is about right for that. It could also be slow because of the following
1. The source drive is slow, has errors or a combination of the two.
2. Same for the storage drive
3. The method of connecting the storage drive is slow, you didn't really say, but if you saved the image to your notebook drive it will be slow.