Welcome everyone to my first blog. It's been a goal of mine to improve my skills with incident response and ethical hacking, and this will be the first of many posts as I begin that process.
For this entry I've decided to focus on FTK Imager. I'd never used this software until today, but I felt it was a good place to start as it leads into many other tools that I'm keen to use.
Currently my lab is running from VM Workstation. I've created one Windows XP SP3 machine contained in a host-only network with the IP address range 10.10.10.x. I've also installed Ubuntu 11.10, which is currently running a Squid proxy. This VM has two interfaces and proxies connections out through my local network. With my hardware limitations this is currently my best method of containment. I've also configured the SANS SIFT virtual machine, which I'll be using in later posts.
The long-term plan is to run some live malware in my lab and then use the tools I've learnt along the way to investigate what actions the malware has taken. In this case it is a clean install of Windows, and there is currently no malware on the machine.
So I began by downloading FTK Imager and installing it on my local computer. I then grabbed a copy, placed it on a USB drive and connected it to my Windows XP virtual machine. This machine currently has only a 10 GB hard drive, for ease of imaging now and in the future.
Once the USB drive was connected I ran the FTKImager.exe application. Once the application loaded I selected the option to Create Disk Image.
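One thing worth doing as soon as a disk image has been created is to record its MD5 and SHA1 hashes and re-check them before every later analysis session, so that any accidental modification of the image is caught. The script below is an added example, not part of this post and not FTK Imager's own code: it hashes an image file in chunks (so a multi-gigabyte raw image never has to fit in memory), re-verifies it against the recorded hashes, and shows that a single flipped byte is detected. The file name `winxp_constructed.001` and its contents are constructed stand-ins for the real image.

```python
import hashlib
import os
import tempfile


def compute_hashes(path, chunk_size=1024 * 1024):
    """Return MD5 and SHA1 hex digests of a file, reading it in chunks
    so a large raw image is never loaded into memory at once."""
    md5 = hashlib.md5()
    sha1 = hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha1.update(chunk)
    return {"md5": md5.hexdigest(), "sha1": sha1.hexdigest()}


def verify_image(path, expected_md5, expected_sha1):
    """True only if both recorded hashes still match the file on disk."""
    actual = compute_hashes(path)
    return (actual["md5"] == expected_md5.lower()
            and actual["sha1"] == expected_sha1.lower())


def demo():
    """Write a constructed stand-in for a raw image, record its hashes at
    acquisition time, then show that a later one-byte change is detected."""
    with tempfile.TemporaryDirectory() as tmp:
        image = os.path.join(tmp, "winxp_constructed.001")  # constructed name
        # Constructed sample content; a real image would be the whole disk.
        data = (b"MBR-PLACEHOLDER" + b"\x00" * 4096 + b"NTFS    ") * 64
        with open(image, "wb") as fh:
            fh.write(data)

        acquired = compute_hashes(image)          # hashes recorded at acquisition
        intact = verify_image(image, acquired["md5"], acquired["sha1"])

        # Simulate accidental modification: flip one byte in the middle.
        offset = len(data) // 2
        with open(image, "r+b") as fh:
            fh.seek(offset)
            original = fh.read(1)
            fh.seek(offset)
            fh.write(bytes([original[0] ^ 0xFF]))

        tampered = verify_image(image, acquired["md5"], acquired["sha1"])
        return {
            "md5": acquired["md5"],
            "sha1": acquired["sha1"],
            "intact": intact,      # True: image unchanged since acquisition
            "tampered": tampered,  # False: modification detected
        }


if __name__ == "__main__":
    print(demo())
```

Keep the recorded hashes somewhere outside the image file itself (a notes file or the acquisition log), and run `verify_image` against them before each session; if either digest differs, the image is no longer the one that was acquired.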