본문 바로가기
security/포렌식

Encase 부트 디스크 생성 이미지

김재벌 2009. 2. 16. 23:55
포렌식 도구로 유명한 인케이스를 이용하여 부트 디스크를 생성하려고 시도할 때마다 이미지파일 에러가 납니다.가이던스소프트웨어 사이트를 뒤져보니 하단의 링크에서 다운로드가 가능하더군요.

참고하시길 바랍니다..^^



Acquire Zip Drives Through the DOS Version of EnCase®

Acquire Zip Drives Through the DOS Version of EnCase® The following instructions describe creating a boot disk to acquire Zip drives through the DOS version of EnCase®. Be sure you are running the latest versions of EnCase® on your forensic computer.

  1. Download the EnCase® Barebones Boot Floppy Image from HERE and save file to your installation path
  2. Open EnCase® and go to Tools > Create Boot Disk...
  3. With a blank floppy in the drive, leave A selected as Target Diskette and click [Next >]
  4. Select "Overwrite diskette with a boot floppy base image", then click on the ellipsis box below to set the path to your installation path. (By default, bootfloppy.e01 is selected)
  5. For version 3:
    1. At the Copy Files window, click [Add]Browse to your installation directoryHighlight en.exeClick [Open]Click [Finish]
    2. Click [OK] to close the boot disk creation session
    For version 4 and version 5:
    1. At the Copy Files window, right click in the window and select NewBrowse to your installation directoryHighlight en.exeClick [Open]Click [Finish]
    2. Click [OK] to close the boot disk creation session
  6. Create a temporary directory (such as C:\IOMEGA\TEMP)
  7. Download the executable for the Iomega GUEST.EXE file (ftp://download.iomega.com/english/iodrv-dos-x86-10.exe) and save it to the newly created folder
  8. Go to the folder and double-click on IODRV-DOS-X86-10.EXE to extract the files.
  9. Copy all files in that directory (except IODRV-DOS-X86-10.EXE and AUTORUN.EXE) to the floppy (A:).
  10. Shut down the forensic machine (or suspect machine) with the storage drive and Zip drive attached and remove the cables to the hard drives. Start the machine and go into the BIOS, making sure that the BIOS is configured to boot from floppy only
  11. Shut the machine down, connect the cables to the storage drive and Zip drive, and put the boot floppy in the diskette drive.
  12. Boot the machine
  13. At the A:\> prompt, type "GUEST.EXE"
  14. Run EnCase® by typing "EN.EXE", adding the "/B" switch if you get "divide by" errors

출처 : http://www.guidancesoftware.com/support/articles/AcquireZipDrives.asp

 


저작자표시 비영리 변경금지

'security > 포렌식' 카테고리의 다른 글

포렌식 라이브 도구인 Helix  (2) 2009.03.11
mobile forensic 관련 장비와 도구  (4) 2009.02.22
플래시 메모리 포렌식을 위한 Exif Reader  (0) 2009.02.21
The EnCase Network Boot Disk 생성 링크  (2) 2009.02.19
포렌식을 위한 파일 시그니쳐 모음  (0) 2008.12.29

'security/포렌식' Related Articles

티스토리툴바