Hello,
Have a WinBook that I am having trouble imaging. Cannot get it to boot into the Paladin 32 bit or 64 bit OS. The device is also password protected with no available password. The storage is eMMC so no possibility to remove. Anyone image one of these devices successfully? Cellebrite, of course, has no options either. Thank you.
Try using Hiren Boot Disk. Updated version now have live windows 10 to run various tools for imaging storage. I am expecting it should not give issues in booting live Win10.
Also, you can bypass windows password by renaming utiman.exe to cmd.exe but this is not forensically accepted as it changes the data.
Try using Hiren Boot Disk.
Where can I buy a license for that?
jaclaz
Try using Hiren Boot Disk. Updated version now have live windows 10 to run various tools for imaging storage. I am expecting it should not give issues in booting live Win10.
Also, you can bypass windows password by renaming utiman.exe to cmd.exe but this is not forensically accepted as it changes the data.
Yeah, unfortunately, we are accredited and cannot use tools not validated internally. (
Try using Hiren Boot Disk.
Where can I buy a license for that?
jaclaz
The iso is available for free to download. Link https://
It has various tools for Imaging(Acronis, Lazesoft), Recovery, Testing etc tools. I use it from now and then depending on situation. But it is not an exclusive forensic tool.
The developer had compiled various opensource, freeware tools, HDD Diagnostics utilities and put them on a WIN PE os for live boot. There is not a lot of documentation on the website.
Yeah, unfortunately, we are accredited and cannot use tools not validated internally. (
You can use the boot disc and install FTK Imager on live Win os or use Encase Imager to acquire the image.
Or the other workaround I can think of is to build your own bootable windows IoT os with minimum features and run encase imager or ftk imager on it.
Just some ideas! May be someone have better options than this.
…
It has various tools for Imaging(Acronis, Lazesoft), Recovery, Testing etc tools. I use it from now and then depending on situation. But it is not an exclusive forensic tool.The developer had compiled various opensource, freeware tools, HDD Diagnostics utilities and put them on a WIN PE os for live boot. There is not a lot of documentation on the website.
Sure.
Point being that last time I checked the Windows PE itself was not redistributable anyway, as well as a number of the softwares included.
Besides the above, a "normal" PE - unless special provisions are implemented - will modify hard disks and similar devices when booting/mounting, so "as-is" it is NOT forensic sound.
Or the other workaround I can think of is to build your own bootable windows IoT os with minimum features and run encase imager or ftk imager on it.
Just some ideas! May be someone have better options than this.
So the ideas are
1) build your own PE
2) build a forensic sound PE, i.e. a WinFE, *like*
http//
jaclaz
Some potentially useful sources
https://articles.forensicfocus.com/2017/01/06/windows-10-pe-for-digital-forensics/
https://
Thanks, everyone. I will look a bit more into these and let you know what I get.
