How to Import On-Premise Disk Images and Triage Collections from Third-Party Tools

Full Disk Collections using FTK Imager

While triage collections are recommended for being smaller and faster to process, full disk images can also be imported into Cado. You can create these images using tools like FTK Imager, a free tool widely used for forensic disk imaging.

Steps to create a disk image using FTK Imager:

Download FTK Imager from the Exterro website.
Follow the tutorial on CloudNine to create a disk image.

Cado supports importing full disk images in formats such as .dd and .e01.

KAPE and Velociraptor

Cado also supports forensic collections in ZIP format from open-source tools like KAPE and Velociraptor. Simply collect the artifacts and upload the ZIP file to cloud storage for import into Cado.

How to Import On-Premise Disk Images and Triage Collections from Third-Party Tools

Full Disk Collections using FTK Imager​

KAPE and Velociraptor​

Full Disk Collections using FTK Imager

KAPE and Velociraptor