How to Create and Convert RAW Image in Encase and AFF Format

at 12:56 AM Friday, May 22, 2015
Forensic Imager is a Windows based program that will acquire, convert, or verify a forensic image in one of the following common forensic file formats:
·         DD /RAW (Linux “Disk Dump”)
·         AFF (Advanced Forensic Format)
·         E01 (Encase®)

Program Functions
Forensic Image provides three separate functions:

·         Acquire: The acquire option is used to take a forensic image (an exact copy) of the target media into an image file on the investigators workstation;
·         Convert: The convert option is used to copy an existing image file from one image format to another, e.g. DD to E01;
·         Hash or verify: The hash or verify option is used to calculate a hash value, MD5, SHA1 or SHA256, for a device or an existing image file.

Includes the option to SHA256 sector hash a device so that known sectors can be located within an image files (e.g. a single sector of a jpeg file left in unallocated clusters can be identified by its sector hash).


First Download Forensics Imager from here and install in your pc then open Forensics Imager and click on Acquire option.


It will show you all drives. Select the desired Drive whose image to be created. Click on next.


Now select image type from drop down menu and select the output filename in Folder option where you want to save your Evidence Image and fill the details such as Case Name, Evidence Number, and Examiner etc. And click on start.


Now it will show you the Acquisition Progress. After the completion of this progress, it will create a raw image in the specified folder.


Now we will proceed further to Convert RAW File in to Encase Format.

Now again open forensics imager click on add image and select your desired image which is to be converted.  Then click on next.


Now we will select image type from Drop Down Menu now select your desired format you want to be converting and select the output file in the folder Option where you want to save your Raw image in Encase format. Click on Start Option.


Now it will show us Conversion Progress & after the completion of this progress a Encase formatted file will be created in the specified folder

Labels:

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)