So far im liking this CAINE. I was looking for a distro that had write blocker inbuilt, really good because i want to image my SSD i partially overwritten. I just need to know one more thing, TRIM for SSD, is it deactivated in CAINE?
Glad you like CAINE, I find it very useful myself. As for your SSD trim question, I did not know the answer and so I asked the guy who manages the project and his response is: "Trim is off, since caine 10."
Hi man thx for the video. Can u tell me, what imag eoptions i have to choose, to get an image, that contains rly every Information on the harddrive? I need deleted files.
Hi Igor. You can use Guymager to acquire any physical image of the media of interest. ie raw or ewf format are fine. Then you can either use autopsy with the file carving ingest module (ruclips.net/video/c9FmlfMGjQI/видео.html) or run QPhotorec (ruclips.net/video/abyBS8fWT2s/видео.html) to carve the image to look for your deleted files. Hope that helps
If you want to view the images in Linux, watch these videos: ruclips.net/video/tt0-X7xH1DQ/видео.html ruclips.net/video/uZqW9Ay65ZE/видео.html you can use the command line to mount the images and then look through the mounted images. If you want to view the content of the images in Windows, watch this video: ruclips.net/video/NueXgGrF0qM/видео.html You would use FTK Imager to read in the image then you can see the filesystem and the files contained within. To get an in-depth analysis of the image, you can use a tool like Autopsy: ruclips.net/video/c9FmlfMGjQI/видео.html
So far im liking this CAINE.
I was looking for a distro that had write blocker inbuilt, really good because i want to image my SSD i partially overwritten.
I just need to know one more thing, TRIM for SSD, is it deactivated in CAINE?
Glad you like CAINE, I find it very useful myself.
As for your SSD trim question, I did not know the answer and so I asked the guy who manages the project and his response is: "Trim is off, since caine 10."
Hi man thx for the video. Can u tell me, what imag eoptions i have to choose, to get an image, that contains rly every Information on the harddrive? I need deleted files.
Hi Igor. You can use Guymager to acquire any physical image of the media of interest. ie raw or ewf format are fine.
Then you can either use autopsy with the file carving ingest module (ruclips.net/video/c9FmlfMGjQI/видео.html) or run QPhotorec (ruclips.net/video/abyBS8fWT2s/видео.html) to carve the image to look for your deleted files. Hope that helps
Great video, thanks :)
Glad you liked it!
Hello! Can this recover any windows logs ( event viewer ) if the laptop was wiped 2 times?
no, this is not a recovery tool but just an imaging tool. depending on how the laptop was "wiped" you may be able to use other tools to recover files.
How do I open these images created ? I went through your playlists and did not find anything.
If you want to view the images in Linux, watch these videos:
ruclips.net/video/tt0-X7xH1DQ/видео.html
ruclips.net/video/uZqW9Ay65ZE/видео.html
you can use the command line to mount the images and then look through the mounted images.
If you want to view the content of the images in Windows, watch this video: ruclips.net/video/NueXgGrF0qM/видео.html
You would use FTK Imager to read in the image then you can see the filesystem and the files contained within.
To get an in-depth analysis of the image, you can use a tool like Autopsy:
ruclips.net/video/c9FmlfMGjQI/видео.html