coerrace
asked on
Forensic Work
Hello I need to have a work creating an image of my hard drive could be like dd kind or any using Windows. These are the topics I need:
1.-Create the image of the hard drive in format dd or any format you suggest.What tool to use in Windows if there is free. I heard access data imager is good I think has cost.
2.-After create the image create the md5 hs from image and original HD to confirm was duplicated 100%. What tool to do thi in Windows free?
3.-Search in th image for files with the words "spell star".What tool to use in Windows free to search in the created image in format dd or any you suggested?
4.-Search in the image file for emails with the words "spell star".What tool in Windows to search in the created image in format with the words "spell star".
5.-For each tool to use in steps 1,2,3,4 if have the ability to store log files of each procedure step.
If somene can help to know what tools to use in each step by free if there are.
Thank you
1.-Create the image of the hard drive in format dd or any format you suggest.What tool to use in Windows if there is free. I heard access data imager is good I think has cost.
2.-After create the image create the md5 hs from image and original HD to confirm was duplicated 100%. What tool to do thi in Windows free?
3.-Search in th image for files with the words "spell star".What tool to use in Windows free to search in the created image in format dd or any you suggested?
4.-Search in the image file for emails with the words "spell star".What tool in Windows to search in the created image in format with the words "spell star".
5.-For each tool to use in steps 1,2,3,4 if have the ability to store log files of each procedure step.
If somene can help to know what tools to use in each step by free if there are.
Thank you
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I used FTK free version is very good for a free version has evertyhing and you can mount image or add evidence items inside itself and for emails an OST to PST converter reader and searcher
Thank you for all
Thank you for all
You can use something like DriveImage XML from Runtime.org,but you would need a write blocker of some sorts.