Friday, May 7, 2010

Guidance Software releases "WinAcq", a command line acquisition tool in EnCase v6.16

For those of you who read the "New Features" section in the help file, this may be old news, but the latest release of EnCase now has a command line acquisition tool called "WinAcq".

This tool is designed to run from the command line in the Windows Operating System  to acquire whatever physical or logical drive you specify. The utility can be run interactively, where it prompts for certain information before it executes the acquisition, or it can be run from the command line with all the options specified on the command line. Additionally, you can also create a config file that contains all the config settings that you want the utility to use. The latter two allow for batch or scripted operation, i.e. on a flash drive or bootable CD.

Luiz Rabelo posted a very good article on his blog about all the command line options and even did some videos. His page is in Portuguese but you can view it in English here with the help of Google.


Post a Comment

Computer Forensics, Malware Analysis & Digital Investigations

Random Articles