How to Import On-Premise Disk Images and Triage Collections from Third-Party Tools
Full Disk Collections using FTK Imager
While triage collections are recommended because they are smaller and faster to process, full disk images can also be imported into Forensic Acquisition and Investigation. You can create these images using tools like FTK Imager, a free tool widely used for forensic disk imaging.
Steps to create a disk image using FTK Imager:
- Download FTK Imager from the Exterro website.
- Follow the tutorial on CloudNine to create a disk image.
Forensic Acquisition and Investigation supports importing full disk images in formats such as .dd and .e01.
KAPE and Velociraptor
Forensic Acquisition and Investigation also supports forensic collections in ZIP format from open-source tools like KAPE and Velociraptor. Simply collect the artifacts and upload the ZIP file to cloud storage for import into Forensic Acquisition and Investigation.
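
A pre-upload check for the formats named above (.e01 and .dd images, KAPE or Velociraptor ZIP collections), as an added example that is not part of the original page or of the product. It records a SHA-256 for the evidence log and catches truncated or mislabelled files before they reach cloud storage; the function names and the 512-byte size heuristic for raw images are assumptions of this sketch.

```python
import hashlib
import os
import zipfile

EWF_MAGIC = b"EVF\x09\x0d\x0a\xff\x00"  # first 8 bytes of an EnCase .E01 segment

def sha256_file(path, chunk=1 << 20):
    """Stream the file so multi-gigabyte images are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def check_collection(path):
    """Return (kind, problems, sha256) for a file about to be uploaded."""
    problems = []
    name = path.lower()
    with open(path, "rb") as fh:
        head = fh.read(len(EWF_MAGIC))
    if head == EWF_MAGIC:
        kind = "e01"
        if not name.endswith(".e01"):
            problems.append("EWF signature but extension is not .e01")
    elif name.endswith(".zip") or zipfile.is_zipfile(path):
        kind = "zip"
        if not zipfile.is_zipfile(path):
            problems.append("no ZIP end-of-central-directory record (truncated copy?)")
        else:
            with zipfile.ZipFile(path) as archive:
                if not archive.namelist():
                    problems.append("archive contains no files")
                corrupt = archive.testzip()  # re-reads every member, checks CRC-32
                if corrupt:
                    problems.append(f"CRC mismatch in member {corrupt}")
    elif name.endswith(".dd"):
        kind = "dd"  # raw images have no header, so only the size can be checked
        size = os.path.getsize(path)
        if size == 0 or size % 512:
            problems.append("raw image size is not a non-zero multiple of 512 bytes")
    else:
        kind = "unknown"
        problems.append("not an .e01, .dd or ZIP file")
    return kind, problems, sha256_file(path)
```

Run `check_collection` on the collection host, store the returned hash with the case notes, and compare it against the hash of the object after upload.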