Just curious, what tool do you guys use to acquire a live machine?
I am using one of the open source tools and the time for acquisition is killing me.
For live acquisitions of Windows systems (you didn't specify), I usually use FTK Imager or FTK Imager Lite (both free from the AccessData web site) run from a CD or USB HDD, and image to a USB HDD.
You can also use dd.exe from George M. Garner's site, as well.
Knowing what OS you're working with and what tool you're currently using might be of some help in scoping this for you, but in most cases, it can really come down to the size of the media you're trying to acquire.
HTH
Greetings,
The speed is probably a function of the interface to your collection disk more than the tool you're using.
-David
Check out Live Response from e-fense
You can use AccessData FTK Lite (no install) on a USB flash drive. Plug it in and image onto an external HD. The full FTK Imager program is free to download and use, but it requires installation to a Windows PC.
What open source program were you using to capture a live image?
In addition to FTK Imager, you may want to take a look at X-Ways Capture. This is a very, very neat app that does a lot more than just image live. It's not free, but well worth every penny. Also runs from external media. I like it 😉
http//
Depending on the situation, F-Response may suit your needs.
Check out Triage Live from ADF - simple and it works!