Home
Latest images
Search
Register
Log inCAINE and Windows x64 OS versions
2 posters
Page 1 of 1
CAINE and Windows x64 OS versions
pkuhl Tue Jun 09, 2009 7:35 pm
I am attempting to use CAINE (Windows side) from the HTML page on a Windows Vista x64 bit laptop. I am running in various issues with the various tools for obvious reasons. I am looking for suggestions on how to make the various tools work. For example, none of the memory acquistion tools work..including the Winen64.exe. I get a driver error.
If I run some of the tools in compatibility mode (XP SP2) and run as administrator, some tools will work. For instance; if I run FTKImager normally, I can not see the Phyical devices; however, no probelm with the logical drives. If I change the properties of the FTKImager.exe to XP compatibility and run as administrator, I can see the physical devices.
Anyone else run into these issues?
P.Kuhl
If I run some of the tools in compatibility mode (XP SP2) and run as administrator, some tools will work. For instance; if I run FTKImager normally, I can not see the Phyical devices; however, no probelm with the logical drives. If I change the properties of the FTKImager.exe to XP compatibility and run as administrator, I can see the physical devices.
Anyone else run into these issues?
P.Kuhl
pkuhl- Number of posts : 7
Registration date : 2009-05-03
Memory Acquisition Tools - on CD
dsabour Wed Jun 10, 2009 6:28 am
I've used some of the memory acquisition tools (MDD, win32dd, FD, FDPro, Winen and Helix) and find mixed results when running them from a non-writable media. In the case of Winen and Winen64, the tool generates a hidden winen_.sys file when the program runs. If you cannot generate the file to the same directory, Winen fails.
As a test, copy the Winen64 program to a test system (on the hard drive) and run the program. You will see that it generates the .sys file. In Vista, you must open the Cmd Prompt using "Run as Administrator". I find the most robust tool to be FastDump Pro by HBGary in that it targets the widest assortment of Windows versions, 32 and 64 bit, >4GB of RAM and the pagefile.
ps..if you prefer using Winen, ensure you've upgraded to the latest version (v6.13) as the previous versions have a bug whereby a portion of the RAM image is not captured. v6.13 has reportedly fixed this bug.
With Windows-based systems, running the DOS-command "systeminfo" provides a full report of all the information you need to acquire the system. ie: Version of Windows, 32 vs. 64 bit, where the pagefile is stored, etc. I prefer piping the output to the destination USB drive where I'm exporting the memory image to.
Hope this helps....
As a test, copy the Winen64 program to a test system (on the hard drive) and run the program. You will see that it generates the .sys file. In Vista, you must open the Cmd Prompt using "Run as Administrator". I find the most robust tool to be FastDump Pro by HBGary in that it targets the widest assortment of Windows versions, 32 and 64 bit, >4GB of RAM and the pagefile.
ps..if you prefer using Winen, ensure you've upgraded to the latest version (v6.13) as the previous versions have a bug whereby a portion of the RAM image is not captured. v6.13 has reportedly fixed this bug.
With Windows-based systems, running the DOS-command "systeminfo" provides a full report of all the information you need to acquire the system. ie: Version of Windows, 32 vs. 64 bit, where the pagefile is stored, etc. I prefer piping the output to the destination USB drive where I'm exporting the memory image to.
Hope this helps....
dsabour- Number of posts : 1
Registration date : 2009-06-10
pkuhl- Number of posts : 7
Registration date : 2009-05-03
Similar topics» CAINE 1.5 Installed... WINE and Windows Registry Recovery
» versions available
» CAINE 1.5 Installed to capture image file from CAINE 1.5 Live CD
» Installed Caine with Caine From Deb. How should I set /etc/fstab?
» Using Stegdetect on Windows Drive
» versions available
» CAINE 1.5 Installed to capture image file from CAINE 1.5 Live CD
» Installed Caine with Caine From Deb. How should I set /etc/fstab?
» Using Stegdetect on Windows Drive
Page 1 of 1
Permissions in this forum:
You cannot reply to topics in this forum|
|
|