In the process of analyzing a suspicious machine, the first thing we need to do is to actually image the machine we want to investigate. There are different tools available to do this, but the one I most often use is FTK Imager by AccessData. The FTK Imager tool is easy to use and more importantly, there is a free version.
ReadFor years, there has been an OS war between Linux, Windows and macOS for dominance. Each side would vehemently defend their OS of choice and disregard any positive sides of their "opponents". Of course, each operating system has its benefits and drawbacks and it is not my job or place to say which is the best.
ReadIn this blog post we show how to install the latest (GIT) version of Volatility memory forensics framework on Debian, Ubuntu or Mint.
Read