FTK Imager

  • Description: tool for dumping memory to a .mem file, taking disk images, exporting files from disk images, generating MD5/SHA1 hashes for evidence, provides read only view of contents of disk image

  • Installation: can be downloaded from https://accessdata.com/product-download-page

  • Usage

    • To capture memory and save it to a .mem file: File -> Capture Memory

    • To create a .img file : File -> Create Disk Image

    • To inspect a disk image file: Add Evidence -> Image File

  • Resources

Previousforensics-workstationNextJohn the Ripper

Last updated