Scenario: you are given a pc and you are faced with this scenario:

  

Scenario:

You are given a PC and you are faced with this scenario: you don’t know the password to the PC which means you can’t login so you can use a forensic tool like FTK IMAGER to capture the hard drive as a bit-for-bit forensic image AND/OR

1. The hard drive is either soldiered onto the motherboard (there are some new hard drives like this!) or cannot be removed because the screws are stripped (this has happened to me); 

2. Even if you figured out the password or got an admin password the PC may have its USB ports blocked via a GPO policy (this is very common in corporations now); 

3. Even if you can get the GPO policy overridden you may have some concerns about putting it on the network (which is true especially if you are dealing with malware). 

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply