Has anyone had much experience using this
It's a live linux boot CD. It runs Ubuntu and contains an imaging tool.
It images to .e01 .dd and .dmg
I've given it a test and would appear to be pretty good.
Up to now we've been using IXimager but that won't do .e01 so a bit of a problem with compatibility with our images. So we're looking for a good imager to do onsite work that is stable and easy to use (i.e. not encase!!)
If anyone else has experience of Raptor or can see any problems then i'd like to know.
Cheers
Up to now we've been using IXimager but that won't do .e01 so a bit of a problem with compatibility with our images. So we're looking for a good imager to do onsite work that is stable and easy to use (i.e. not encase!!)
FTK Imager is free, and will convert a .E0x image to dd for you…
FTK Imager is free, and will convert a .E0x image to dd for you…
I use FTK imager, but its windows based, and we need a live CD imager to do onsite imaging and host machine imaging. Some laptops are a real pain to remove the HDD.
Also we don't charge clients by the hour……. lol
I use FTK imager, but its windows based, and we need a live CD
FTK-imager runs nice from Windows LiveCD
Raptor works really well, both for imaging and is also very good for previews.
If you get a chance to do the Forward Discovery MacForensics course, they cover Raptor as part of the course. Plus the course is very very good. Very well run with excellent presenters.
The imaging side of Raptor works really well and is very easy to get going. Fast as well! I have Raptor (intel and PPC) and Helix in my response kit (along with a ton of other stuff!).
I know you said not EnCase but you could use LinEn too. Just make a live CD with it or run it from a USB.
I have used LinEn off a USB key with BackTrack and it worked just fine. Interface is pretty basic and easy to use - I am told its basically the same as the old DOS EnCase boot floppy, but I am far too young to have used that )
Ever thought about using Windows PE…
http//
You may want to prepare for notebooks without optical drives. A bootable USB solution would be a good option. There are a lot of netbooks and other ultra-portable notebooks with no optical drive. That or just look at some in the store for ideas on hard drive removal. Then again many of those don't have hard drives at all.
Just something to consider.
Hi Guys
I recently used raptor in a test run. I used the find function under the raptor toolbox menu to acquire blackberry .bbb files and extract the files from the test subject onto a usb key.
I was able to extract the files to the usb key;however, when trying to view the files under windows xp via abc amber, all i see are .rfr files.
How do I open rfr files generated by raptor?
I use Raptor quite often for acquisitions. I use it from a bootable usb drive most often. Works great and is very user friendly.