1. Making image with FTK Imager
1.1 Description
FTK Imager is a Windows acquisition tool used by SANS forensics toolkits. It can create a disk image and capture the paging file on Windows, and it can also capture volatile memory for analysis.
1.2 Requirement
1) USB external hard drive, 1 TB or greater recommended. It will be used to save the image.
2) Download FTK Imager (https://accessdata.com/product-download)
1.3 Make Image of the suspicious system
1) Install FTK Imager and open it.
2) Click the menu “File” > “Create Disk Image”.
3) Choose the option “Physical Drive” and click “Next”, then select the drive and click “Finish”.
4) Click “Add”, select Image Type “Raw (dd)”, and click “Next”.
5) Leave “Evidence Information” blank and click “Next”.
6) Select the destination folder, enter the image file name (excluding extension), and set the fragment size entry (“For Raw, E01, and AFF formats”) to zero.
7) Click “Start” and wait until the progress finishes.
Also refer to:
1) Making Image of a laptop – Summary (https://andyinmatrix.blogspot.com/2022/01/making-image-of-laptop-summary.html)
2) Paladin Edge 64 (https://andyinmatrix.blogspot.com/2021/03/making-image-of-laptop.html)
3) Kali Linux (https://andyinmatrix.blogspot.com/2022/01/making-image-of-laptop-part-2.html)
4) FTK Imager (https://andyinmatrix.blogspot.com/2022/01/making-image-of-laptop-part-3.html )