I want to get a little bit better at Windows forensics skills. My core skills are in Linux/Unix and networking. Where can I find some Windows disk images for using with forensics tools?
Also, where can I find Windows XP VM images? I have Vista but XP seems to been more widely used. Lot of the questions about windows forensics is dealing with Windows registry and filesystem metadata. So I would lilke to play with a XP VM system.
Thank you in advance.
K
You may want to have your own licensed copy of XP to work with. There are images available on the internet, but the majority are not going to be full installs of an OS.
A good method of validating and testing forensics is also to work on an image on which you know what 'evidence' exists (such as data you have personally planted on the drive).
You can fairly quickly and easily create a VM with VMware from a XP install disk, seed it with known evidence such as emails, deleted files, etc.., and then image it out with FTK Imager for analysis.
Not a VM, but it can be booted w/ LiveView
http//
If you just want images
http//
Haven't tried this one
http//
Just for the record, there are VM images available (for testing different versions of IE)
http//
but they are for MS own Virtual PC, which is notoriously slower than VmWare or better even, VirtualBox.
jaclaz
Just a few seconds on Google found this
http//
Once you convert the VPC system to a VMWare .vmdk file, you don't even have to boot it if you just want an image. All you need to do is open it in FTK Imager and acquire an image.