JerryW – I just tried your suggestion, it still came out AD1. I will try using Autopsy, but open to any other ideas. I have found some content online for creating a DD image with linux, but I want to ensure that I convert the ad1 to DD, not just create a DD image containing the ad1 file! One colleague I shared the above with has recommended I try Autopsy, which is included in the Paladin accessories, as well as in Kali Linux. Emailed Sumuri, so far haven’t heard back, wondering if its a bug or I need to update my Paladin, as it was strange that Paladin Toolbox’s Image Converter is stuck/unclickable for the tab ‘Image List’ - it does not list any images, cannot be selected to make it drop down, and clicking the refresh button on the right hand side does not do anything.īack at the lab I just created a small test image of a folder with FTK Imager in ad1, tried the different versions of Paladin including 32-bit Paladin Edge, same issue cannot get the converter to list the ad1 image. Mostly finding info on E01 to DD, or forums telling me to purchase Forensic Explorer.ĭo I need to perform an update? It says Paladin 7.05 on the toolbox. Tried googling, checked youtube, and of course checked these forums before posting. I cannot click/select ‘Image List’ - it does not list any images, cannot be selected to make it drop down, and clicking the refresh button on the right hand side does not do anything. Was unable to use Paladin Image Converter even after following the instructions and mounting RW. Read the manual and confirmed it wants the external drive mounted as RW, so mounted drive containing the image. Tried Paladin 7.05 USB, the Paladin Toolbox has an Image Converter option. Tried using FTK Imager (not the full suite, just imager) to export the image, but that option is greyed out (Selected File, Add Evidence Item, Once added to evidence tree on left, right clicked, but ‘Export Disk Image…’ greyed out/not selectable). Physical/Logical, etc.).īack at the lab, EnCase would not ingest the ad1 images. I have heard Mount Image Pro and Forensic Explorer can accomplish this, but I am treating it more like a challenge to learn and MacGyver a solution, if possible.Ĭontext 1 Recently had a limited amount of time to access a desktop for collection, so used FTK Imager 4.2.1.4 to collect logical C drive, so FTK Imager’s output was automatically AD1.Ĭontext 2 A colleague with same issue (limited amount of time), was instructed to perform live targeted collection he used FTK Imager to collect a user folder (FTK lists as ‘Contents of a Folder” when you are choosing type of image you want to create i.e. Looking for an alternative method to convert.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |