AccessData Imager 3.4.0.5 Release Notes
AccessData Imager 3.4.0.5 Release Notes
Document Date: 10/27/2015 ©2015 AccessData Group, Inc. All rights reserved.
Introduction This document lists the changes in the verion of AccessData Imager. All known issues published with previous release notes still apply until they are listed under “Fixed Issues.”
New Features AccessData
Imager has been updated so that it can read AD1 files created by 6.x versions of FTK, Summation, and eDiscovery. See Version compatibilty on page 2.
The
installation files were rebuilt with an updated time stamp on the signature.
Important Things to Know Image
mounting requires the latest Imager drivers be used on the computer. (58791) To ensure the latest drivers are used, complete the following steps: 1. As administrator, open a command prompt, and execute the following commands:
sc delete cbdisk sc delete cbdisk2 2. Reboot the computer. FTK
Imager does not have HPA or DCO support but can leverage technology (like some write-blockers) that make the information available during acquisition.
When
installing Imager, a prompt to install device software from the company EldoS Corporation appears. In order to complete the Imager install, you must select the option to Always trust software from EldoS Corporation and then click Install.
AccessData Imager 3.4.0.5 Release Notes
Introduction
| 1
Version compatibilty Starting with Imager 3.4.1, AccessData has produced a new AD1v4 image format that is different than the previous AD1v3 format. Older versions of AccessData products cannot recognize the new v4 format. As a result, two versions of Imager are available to download and use: Imager
3.4.0
Imager
3.4.2 (and later)
Use the following table to understand which products can use which AD1 format.
AD1 Image versions and supported applications
Imager 3.4.1 and later FTK 6.0 and later Summation 6.0 and later eDiscovery 6.0 and later
Imager 3.4.0
FTK 5.x and earlier Summation 5.x and earlier eDiscovery 5.x and earlier Imager 3.3.x and earlier
If you create an AD1 using one of these products, it is created only in the new v4 format. These products can read either AD1v3 or AD1v4 image files.
This version can read either AD1v3 or AD1v4 files but creates only AD1v3 files. Use this version when working with AD1 files for 5.x versions of FTK, Summation, or eDiscovery You can use this version to open an AD1v4 file and save it as an AD1v3 file. (See below) These products can read only AD1v3 files. These products can create only AD1v3 files.
Converting v4 image files to v3 It is important to note that AD1 files created in 6.x versions of FTK, Summation, or eDiscovery are the v4 format and cannot be read by 5.x versions and earlier of those products as well as Imager 3.3.x and earlier. Using an older version of Imager will result in an "Image detection failed" error. However, you can open a v4 file in Imager 3.4.0 (only) and save it as a v3 file. To use Imager 3.4.0 to convert a v4 file to a v3 file, note the following: The
verification hashes will be different because a v4 AD1 includes GUID tables that get hashed.
To
avoid having the top-level (filesystem) node's name changed, the AD1 should be created by doing the following: Correct:
File > Create Disk Image (follow wizard)
Incorrect:
Add AD1, expand, right click on filesystem node in tree, Export Logical Image (AD1)
Note: Note: An AD1 image is not really a disk image even though the option you use is Create Disk
Image.
AccessData Imager 3.4.0.5 Release Notes
Important Things to Know
| 2
Determining the Version of an Image File A hex editor can be used to quickly determine if your AD1 is v3 or v4.
Comments? We value all feedback from our customers. Please contact us at [email protected], or send documentation issues to [email protected].
AccessData Imager 3.4.0.5 Release Notes
Comments?
| 3
AccessData Imager 3.3.0 Release Notes
Document Date: 12/08/2014 ©2014 AccessData Group, Inc. All rights reserved.
Introduction This document lists the changes in AccessData Imager 3.3.0. All known issues published with previous release notes still apply until they are listed under “Fixed Issues.”
Important Things to Know Image
mounting requires the latest Imager drivers be used on the computer. (58791) To ensure the latest drivers are used, complete the following steps: 1. As administrator, open a command prompt, and execute the following commands:
sc delete cbdisk sc delete cbdisk2 2. Reboot the computer. FTK
Imager does not have HPA or DCO support but can leverage technology (like some write-blockers) that make the information available during acquisition.
When
installing Imager, a prompt to install device software from the company EldoS Corporation appears. In order to complete the Imager install, you must select the option to Always trust software from EldoS Corporation and then click Install.
Fixed Issues When
using the Create Disk Image option, and selecting a source that is another image file, the new image file will have the same hash value of the source file because it is a copy of the image file. If you use the Add Evidence option, then select an image file, and then use Export Logical Image, the new image file will have a unique hash value. (13767)
AccessData Imager 3.3.0 Release Notes
Introduction
| 4
Comments? We value all feedback from our customers. Please contact us at [email protected], or send documentation issues to [email protected].
AccessData Imager 3.3.0 Release Notes
Comments?
| 5
AccessData Imager 3.2.0 Release Notes
Document Date: 11/04/2014 ©2014 AccessData Group, Inc. All rights reserved.
Introduction This document lists the changes in AccessData Imager 3.2.0. All known issues published with previous release notes still apply until they are listed under “Fixed Issues.”
Important Things to Know Image
mounting requires the latest Imager drivers be used on the computer. (58791) To ensure the latest drivers are used, complete the following steps: 1. As administrator, open a command prompt, and execute the following commands:
sc delete cbdisk sc delete cbdisk2 2. Reboot the computer. FTK
Imager does not have HPA or DCO support but can leverage technology (like some write-blockers) that make the information available during acquisition.
When
installing Imager, a prompt to install device software from the company EldoS Corporation appears. In order to complete the Imager install, you must select the option to Always trust software from EldoS Corporation and then click Install.
Fixed Issues Hard
links parsed from an HFS+ system now display correctly in Imager. (13767)
Comments? We value all feedback from our customers. Please contact us at [email protected], or send documentation issues to [email protected].
AccessData Imager 3.2.0 Release Notes
Introduction
| 6
AccessData Imager 3.1.5 Release Notes
Document Date: 06/20/2013 ©2014 AccessData Group, Inc. All rights reserved.
Introduction This document lists the changes in AccessData Imager 3.1.5. All known issues published with previous release notes still apply until they are listed under “Fixed Issues.”
Important Things to Know Image
mounting requires the latest Imager drivers be used on the computer. (58791) In order to ensure the latest are used, do the following: 1. As administrator, open a command prompt, and execute the following commands:
sc delete cbdisk sc delete cbdisk2 2. Reboot the computer. AccessData
FTK Imager does not have HPA support but can leverage technology (like some writeblockers) that make the information available during acquisition.
AccessData:
FTK Imager does not have DCO support but can leverage technology (like some writeblockers) that make the information available during acquisition.
New and Improved The following are enhancements: You
can now create an image of WIndows 8/8.1 computers.
Fixed Issues When
running Imager on a Windows 8 computer, and mounting an ISO, the mounted ISO will now be displayed in the list. (32105)
AccessData Imager 3.1.5 Release Notes
Introduction
| 7
Comments? We value all feedback from our customers. Please contact us at [email protected], or send documentation issues to [email protected].
AccessData Imager 3.1.5 Release Notes
Comments?
| 8
AccessData Imager 3.1.4 Release Notes
Document Date: 11/21/2013 ©2013 AccessData Group, Inc. All rights reserved.
Introduction This document lists the changes in AccessData Imager 3.1.4. All known issues published with previous release notes still apply until they are listed under “Fixed Issues.”
Important Things to Know Image
mounting requires the latest Imager drivers be used on the computer. (58791) In order to ensure the latest are used, do the following: 1. As administrator, open a command prompt, and execute the following commands:
sc delete cbdisk sc delete cbdisk2 2. Reboot the computer. AccessData
FTK Imager does not have HPA support but can leverage technology (like some writeblockers) that make the information available during acquisition.
AccessData:
FTK Imager does not have DCO support but can leverage technology (like some writeblockers) that make the information available during acquisition.
New and Improved The following are enhancements: Support
for Microsoft Resilient File System (MS ReFS) The Microsoft Resilient File System (ReFS) found in Windows 8 and Windows Server 2012 is now supported.
Support
of Tableau-created files Opening ‘incomplete’ Tableau-created E01 files is now supported.
Support
for Encase Lx01 image files Lx01 files are now supported.
AccessData Imager 3.1.4 Release Notes
Introduction
| 9
Fixed Issues
NTFS support has been enhanced so the MFT is now used to build the file tree, not relying on $I30s directory indexes which may be corrupt. (24868)
Fixed
the issue that caused L01 files to be shown as a single byte file. (28498)
Known Issues When
running Imager on a Windows 8 computer, and mounting an ISO, the mounted ISO will not be displayed in the list. (32105)
Comments? We value all feedback from our customers. Please contact us at [email protected], or send documentation issues to [email protected].
AccessData Imager 3.1.4 Release Notes
Fixed Issues
| 10
AccessData Imager 3.1.3 Release Notes Document Date: 6/13/2013 ©2013 AccessData Group, Inc. All rights reserved.
Introduction This document lists the changes in AccessData Imager 3.1.3. All known issues published with previous release notes still apply until they are listed under “Fixed Issues.”
Important Things to Know Image
mounting requires the latest Imager drivers be used on the computer. (58791) In order to ensure the latest are used, do the following: 1. As administrator, open a command prompt, and execute the following commands:
sc delete cbdisk sc delete cbdisk2 2. Reboot the computer. AccessData
FTK Imager does not have HPA support but can leverage technology (like some writeblockers) that make the information available during acquisition.
AccessData:
FTK Imager does not have DCO support but can leverage technology (like some writeblockers) that make the information available during acquisition.
New and Improved The following are enhancements: Destination
Spanning When creating an image, you can now specify secondary locations to be used if the first location fills up.
Enhanced
Features for Command-line Imager
You
can now capture the RAM of a target computer
You
can now capture the Pagefile contents of the target computer
AccessData Imager 3.1.3 Release Notes
Introduction
| 11
Known Issues For
imager CLI, if you type ftkimager.exe and press enter, you get an error rather than getting the command-line help. You can access the help by typing ftkimager.exe -help. (23007)
Comments? We value all feedback from our customers. Please contact us at [email protected], or send documentation issues to [email protected].
AccessData Imager 3.1.3 Release Notes
Known Issues
| 12
AccessData Imager 3.1.2 Release Notes Document Date: 2/25/2013 ©2013 AccessData Group, LLC All rights reserved.
Introduction This document lists the changes in AccessData Imager 3.1.2. All known issues published with previous release notes still apply until they are listed under “Fixed Issues.”
Important Things to Know Image
mounting requires the latest Imager drivers be used on the computer. (58791) In order to ensure the latest are used, do the following: 1. As administrator, open a command prompt, and execute the following commands:
sc delete cbdisk sc delete cbdisk2 2. Reboot the computer. AccessData
FTK Imager does not have HPA support but can leverage technology (like some writeblockers) that make the information available during acquisition.
AccessData:
FTK Imager does not have DCO support but can leverage technology (like some writeblockers) that make the information available during acquisition.
New and Improved The following are enhancements: Improved
the detection and handling of corrupt $I30 index allocations.
Known Issues There
are no new known issues in this release.
AccessData Imager 3.1.2 Release Notes
Introduction
| 13
AccessData Imager 3.1.1 Release Notes Document Date: 9/6/2012 ©2012 AccessData Group, LLC All rights reserved.
Introduction This document lists the changes in AccessData Imager 3.1.1. All known issues published with previous release notes still apply until they are listed under “Fixed Issues.”
New and Improved The following are enhancements: FTK CLI
Imager now supports creating, reading, and verifying E01 files of drives greater than 2TB
Imager now supports creating and verifying E01 files of drives greater than 2TB.
When
performing a memory capture, you can now do the following:
Include Save
the pagefile
the memory capture as an AD1 file
Fixed Issues The following issues have been fixed: Imager
will now attempt to read exFAT file system images even if there is a slight disparity between the sector count of the volume and the exFAT partition information. Before, if any disparity existed, it would detect that the image had an invalid volume boot record, and it would not attempt to read the image. (69587)
AccessData Imager 3.1.1 Release Notes
Introduction
| 14
Important Things to Know Image
mounting requires the latest Imager drivers be used on the computer. (58791) In order to ensure the latest are used, do the following: 1. As administrator, open a command prompt, and execute the following commands:
sc delete cbdisk sc delete cbdisk2 2. Reboot the computer.
Known Issues There are no new known issues in this release.
Comments? We value all feedback from our customers. Please contact us at [email protected], or send documentation issues to [email protected].
AccessData Imager 3.1.1 Release Notes
Important Things to Know
| 15
AccessData FTK Imager 3.1.0 Release Notes Introduction This document lists the bug fixes for AccessData Imager 3.1.0. All known issues published with previous release notes still apply until they are listed under “Fixed Issues.”
New and Improved The following is an enhancement: There
is a new option in FTK Imager’s File menu to Decrypt AD1 Images. (56793)
EFS
Encryption detections now return a message when the encryption is not found as well as when it is found. (57849)
Fixed Issues The following issues have been fixed: Fixed
an issue where the Content Viewer in Imager would not preview files if Internet Explorer 9 was installed. (59339)
Fixed
an issue where a .csv file was not created for CDFS images when the “Create directory listings of all files in the image after they are created” is marked. (60895)
Fixed
an issue where creating a directory listing of a system containing exFAT crashes Imager. (59228)
Fixed
an issue where a .TXT file was not being generated after using the ADEncrypt utility. (56726)
Removed The
a non-functioning button from the Imager toolbar. (57815)
progress bar in the File > Verify dialog has been updated to provide better feedback. (54920)
Known Issues The following items are known issues: When
mounting an image to a drive, it may be possible to inadvertently choose a mapped drive that is already consumed and unavailable. If this occurs FTK does not change the mapped drive. To work around this, in Windows make sure that the drive letter that you choose to map for mounting the image is free before you select it. (57539)
Image
mounting does not work in FTK or Imager if the agent is installed on that machine. (58791)
AccessData FTK Imager 3.1.0 Release Notes
Introduction
| 16
Comments? We value all feedback from our customers. Please contact us at [email protected], or send documentation issues to [email protected].
AccessData FTK Imager 3.1.0 Release Notes
Comments?
| 17
Imager 3.0.1 Release Notes Introduction These release notes apply to AccessData FTK Imager 3.0.1.
New and Improved Added
support for AD Encrypted images.
Bug Fixes Fixed
a problem where an exported directory listing included a size column, but no size data was populated in the column cells. (17425)
Comments? We value all feedback from our customers. Please contact us at [email protected], or send documentation issues to [email protected].
Imager 3.0.1 Release Notes
Introduction
| 18
Document Date: 10/27/2015 ©2015 AccessData Group, Inc. All rights reserved.
Introduction This document lists the changes in the verion of AccessData Imager. All known issues published with previous release notes still apply until they are listed under “Fixed Issues.”
New Features AccessData
Imager has been updated so that it can read AD1 files created by 6.x versions of FTK, Summation, and eDiscovery. See Version compatibilty on page 2.
The
installation files were rebuilt with an updated time stamp on the signature.
Important Things to Know Image
mounting requires the latest Imager drivers be used on the computer. (58791) To ensure the latest drivers are used, complete the following steps: 1. As administrator, open a command prompt, and execute the following commands:
sc delete cbdisk sc delete cbdisk2 2. Reboot the computer. FTK
Imager does not have HPA or DCO support but can leverage technology (like some write-blockers) that make the information available during acquisition.
When
installing Imager, a prompt to install device software from the company EldoS Corporation appears. In order to complete the Imager install, you must select the option to Always trust software from EldoS Corporation and then click Install.
AccessData Imager 3.4.0.5 Release Notes
Introduction
| 1
Version compatibilty Starting with Imager 3.4.1, AccessData has produced a new AD1v4 image format that is different than the previous AD1v3 format. Older versions of AccessData products cannot recognize the new v4 format. As a result, two versions of Imager are available to download and use: Imager
3.4.0
Imager
3.4.2 (and later)
Use the following table to understand which products can use which AD1 format.
AD1 Image versions and supported applications
Imager 3.4.1 and later FTK 6.0 and later Summation 6.0 and later eDiscovery 6.0 and later
Imager 3.4.0
FTK 5.x and earlier Summation 5.x and earlier eDiscovery 5.x and earlier Imager 3.3.x and earlier
If you create an AD1 using one of these products, it is created only in the new v4 format. These products can read either AD1v3 or AD1v4 image files.
This version can read either AD1v3 or AD1v4 files but creates only AD1v3 files. Use this version when working with AD1 files for 5.x versions of FTK, Summation, or eDiscovery You can use this version to open an AD1v4 file and save it as an AD1v3 file. (See below) These products can read only AD1v3 files. These products can create only AD1v3 files.
Converting v4 image files to v3 It is important to note that AD1 files created in 6.x versions of FTK, Summation, or eDiscovery are the v4 format and cannot be read by 5.x versions and earlier of those products as well as Imager 3.3.x and earlier. Using an older version of Imager will result in an "Image detection failed" error. However, you can open a v4 file in Imager 3.4.0 (only) and save it as a v3 file. To use Imager 3.4.0 to convert a v4 file to a v3 file, note the following: The
verification hashes will be different because a v4 AD1 includes GUID tables that get hashed.
To
avoid having the top-level (filesystem) node's name changed, the AD1 should be created by doing the following: Correct:
File > Create Disk Image (follow wizard)
Incorrect:
Add AD1, expand, right click on filesystem node in tree, Export Logical Image (AD1)
Note: Note: An AD1 image is not really a disk image even though the option you use is Create Disk
Image.
AccessData Imager 3.4.0.5 Release Notes
Important Things to Know
| 2
Determining the Version of an Image File A hex editor can be used to quickly determine if your AD1 is v3 or v4.
Comments? We value all feedback from our customers. Please contact us at [email protected], or send documentation issues to [email protected].
AccessData Imager 3.4.0.5 Release Notes
Comments?
| 3
AccessData Imager 3.3.0 Release Notes
Document Date: 12/08/2014 ©2014 AccessData Group, Inc. All rights reserved.
Introduction This document lists the changes in AccessData Imager 3.3.0. All known issues published with previous release notes still apply until they are listed under “Fixed Issues.”
Important Things to Know Image
mounting requires the latest Imager drivers be used on the computer. (58791) To ensure the latest drivers are used, complete the following steps: 1. As administrator, open a command prompt, and execute the following commands:
sc delete cbdisk sc delete cbdisk2 2. Reboot the computer. FTK
Imager does not have HPA or DCO support but can leverage technology (like some write-blockers) that make the information available during acquisition.
When
installing Imager, a prompt to install device software from the company EldoS Corporation appears. In order to complete the Imager install, you must select the option to Always trust software from EldoS Corporation and then click Install.
Fixed Issues When
using the Create Disk Image option, and selecting a source that is another image file, the new image file will have the same hash value of the source file because it is a copy of the image file. If you use the Add Evidence option, then select an image file, and then use Export Logical Image, the new image file will have a unique hash value. (13767)
AccessData Imager 3.3.0 Release Notes
Introduction
| 4
Comments? We value all feedback from our customers. Please contact us at [email protected], or send documentation issues to [email protected].
AccessData Imager 3.3.0 Release Notes
Comments?
| 5
AccessData Imager 3.2.0 Release Notes
Document Date: 11/04/2014 ©2014 AccessData Group, Inc. All rights reserved.
Introduction This document lists the changes in AccessData Imager 3.2.0. All known issues published with previous release notes still apply until they are listed under “Fixed Issues.”
Important Things to Know Image
mounting requires the latest Imager drivers be used on the computer. (58791) To ensure the latest drivers are used, complete the following steps: 1. As administrator, open a command prompt, and execute the following commands:
sc delete cbdisk sc delete cbdisk2 2. Reboot the computer. FTK
Imager does not have HPA or DCO support but can leverage technology (like some write-blockers) that make the information available during acquisition.
When
installing Imager, a prompt to install device software from the company EldoS Corporation appears. In order to complete the Imager install, you must select the option to Always trust software from EldoS Corporation and then click Install.
Fixed Issues Hard
links parsed from an HFS+ system now display correctly in Imager. (13767)
Comments? We value all feedback from our customers. Please contact us at [email protected], or send documentation issues to [email protected].
AccessData Imager 3.2.0 Release Notes
Introduction
| 6
AccessData Imager 3.1.5 Release Notes
Document Date: 06/20/2013 ©2014 AccessData Group, Inc. All rights reserved.
Introduction This document lists the changes in AccessData Imager 3.1.5. All known issues published with previous release notes still apply until they are listed under “Fixed Issues.”
Important Things to Know Image
mounting requires the latest Imager drivers be used on the computer. (58791) In order to ensure the latest are used, do the following: 1. As administrator, open a command prompt, and execute the following commands:
sc delete cbdisk sc delete cbdisk2 2. Reboot the computer. AccessData
FTK Imager does not have HPA support but can leverage technology (like some writeblockers) that make the information available during acquisition.
AccessData:
FTK Imager does not have DCO support but can leverage technology (like some writeblockers) that make the information available during acquisition.
New and Improved The following are enhancements: You
can now create an image of WIndows 8/8.1 computers.
Fixed Issues When
running Imager on a Windows 8 computer, and mounting an ISO, the mounted ISO will now be displayed in the list. (32105)
AccessData Imager 3.1.5 Release Notes
Introduction
| 7
Comments? We value all feedback from our customers. Please contact us at [email protected], or send documentation issues to [email protected].
AccessData Imager 3.1.5 Release Notes
Comments?
| 8
AccessData Imager 3.1.4 Release Notes
Document Date: 11/21/2013 ©2013 AccessData Group, Inc. All rights reserved.
Introduction This document lists the changes in AccessData Imager 3.1.4. All known issues published with previous release notes still apply until they are listed under “Fixed Issues.”
Important Things to Know Image
mounting requires the latest Imager drivers be used on the computer. (58791) In order to ensure the latest are used, do the following: 1. As administrator, open a command prompt, and execute the following commands:
sc delete cbdisk sc delete cbdisk2 2. Reboot the computer. AccessData
FTK Imager does not have HPA support but can leverage technology (like some writeblockers) that make the information available during acquisition.
AccessData:
FTK Imager does not have DCO support but can leverage technology (like some writeblockers) that make the information available during acquisition.
New and Improved The following are enhancements: Support
for Microsoft Resilient File System (MS ReFS) The Microsoft Resilient File System (ReFS) found in Windows 8 and Windows Server 2012 is now supported.
Support
of Tableau-created files Opening ‘incomplete’ Tableau-created E01 files is now supported.
Support
for Encase Lx01 image files Lx01 files are now supported.
AccessData Imager 3.1.4 Release Notes
Introduction
| 9
Fixed Issues
NTFS support has been enhanced so the MFT is now used to build the file tree, not relying on $I30s directory indexes which may be corrupt. (24868)
Fixed
the issue that caused L01 files to be shown as a single byte file. (28498)
Known Issues When
running Imager on a Windows 8 computer, and mounting an ISO, the mounted ISO will not be displayed in the list. (32105)
Comments? We value all feedback from our customers. Please contact us at [email protected], or send documentation issues to [email protected].
AccessData Imager 3.1.4 Release Notes
Fixed Issues
| 10
AccessData Imager 3.1.3 Release Notes Document Date: 6/13/2013 ©2013 AccessData Group, Inc. All rights reserved.
Introduction This document lists the changes in AccessData Imager 3.1.3. All known issues published with previous release notes still apply until they are listed under “Fixed Issues.”
Important Things to Know Image
mounting requires the latest Imager drivers be used on the computer. (58791) In order to ensure the latest are used, do the following: 1. As administrator, open a command prompt, and execute the following commands:
sc delete cbdisk sc delete cbdisk2 2. Reboot the computer. AccessData
FTK Imager does not have HPA support but can leverage technology (like some writeblockers) that make the information available during acquisition.
AccessData:
FTK Imager does not have DCO support but can leverage technology (like some writeblockers) that make the information available during acquisition.
New and Improved The following are enhancements: Destination
Spanning When creating an image, you can now specify secondary locations to be used if the first location fills up.
Enhanced
Features for Command-line Imager
You
can now capture the RAM of a target computer
You
can now capture the Pagefile contents of the target computer
AccessData Imager 3.1.3 Release Notes
Introduction
| 11
Known Issues For
imager CLI, if you type ftkimager.exe and press enter, you get an error rather than getting the command-line help. You can access the help by typing ftkimager.exe -help. (23007)
Comments? We value all feedback from our customers. Please contact us at [email protected], or send documentation issues to [email protected].
AccessData Imager 3.1.3 Release Notes
Known Issues
| 12
AccessData Imager 3.1.2 Release Notes Document Date: 2/25/2013 ©2013 AccessData Group, LLC All rights reserved.
Introduction This document lists the changes in AccessData Imager 3.1.2. All known issues published with previous release notes still apply until they are listed under “Fixed Issues.”
Important Things to Know Image
mounting requires the latest Imager drivers be used on the computer. (58791) In order to ensure the latest are used, do the following: 1. As administrator, open a command prompt, and execute the following commands:
sc delete cbdisk sc delete cbdisk2 2. Reboot the computer. AccessData
FTK Imager does not have HPA support but can leverage technology (like some writeblockers) that make the information available during acquisition.
AccessData:
FTK Imager does not have DCO support but can leverage technology (like some writeblockers) that make the information available during acquisition.
New and Improved The following are enhancements: Improved
the detection and handling of corrupt $I30 index allocations.
Known Issues There
are no new known issues in this release.
AccessData Imager 3.1.2 Release Notes
Introduction
| 13
AccessData Imager 3.1.1 Release Notes Document Date: 9/6/2012 ©2012 AccessData Group, LLC All rights reserved.
Introduction This document lists the changes in AccessData Imager 3.1.1. All known issues published with previous release notes still apply until they are listed under “Fixed Issues.”
New and Improved The following are enhancements: FTK CLI
Imager now supports creating, reading, and verifying E01 files of drives greater than 2TB
Imager now supports creating and verifying E01 files of drives greater than 2TB.
When
performing a memory capture, you can now do the following:
Include Save
the pagefile
the memory capture as an AD1 file
Fixed Issues The following issues have been fixed: Imager
will now attempt to read exFAT file system images even if there is a slight disparity between the sector count of the volume and the exFAT partition information. Before, if any disparity existed, it would detect that the image had an invalid volume boot record, and it would not attempt to read the image. (69587)
AccessData Imager 3.1.1 Release Notes
Introduction
| 14
Important Things to Know Image
mounting requires the latest Imager drivers be used on the computer. (58791) In order to ensure the latest are used, do the following: 1. As administrator, open a command prompt, and execute the following commands:
sc delete cbdisk sc delete cbdisk2 2. Reboot the computer.
Known Issues There are no new known issues in this release.
Comments? We value all feedback from our customers. Please contact us at [email protected], or send documentation issues to [email protected].
AccessData Imager 3.1.1 Release Notes
Important Things to Know
| 15
AccessData FTK Imager 3.1.0 Release Notes Introduction This document lists the bug fixes for AccessData Imager 3.1.0. All known issues published with previous release notes still apply until they are listed under “Fixed Issues.”
New and Improved The following is an enhancement: There
is a new option in FTK Imager’s File menu to Decrypt AD1 Images. (56793)
EFS
Encryption detections now return a message when the encryption is not found as well as when it is found. (57849)
Fixed Issues The following issues have been fixed: Fixed
an issue where the Content Viewer in Imager would not preview files if Internet Explorer 9 was installed. (59339)
Fixed
an issue where a .csv file was not created for CDFS images when the “Create directory listings of all files in the image after they are created” is marked. (60895)
Fixed
an issue where creating a directory listing of a system containing exFAT crashes Imager. (59228)
Fixed
an issue where a .TXT file was not being generated after using the ADEncrypt utility. (56726)
Removed The
a non-functioning button from the Imager toolbar. (57815)
progress bar in the File > Verify dialog has been updated to provide better feedback. (54920)
Known Issues The following items are known issues: When
mounting an image to a drive, it may be possible to inadvertently choose a mapped drive that is already consumed and unavailable. If this occurs FTK does not change the mapped drive. To work around this, in Windows make sure that the drive letter that you choose to map for mounting the image is free before you select it. (57539)
Image
mounting does not work in FTK or Imager if the agent is installed on that machine. (58791)
AccessData FTK Imager 3.1.0 Release Notes
Introduction
| 16
Comments? We value all feedback from our customers. Please contact us at [email protected], or send documentation issues to [email protected].
AccessData FTK Imager 3.1.0 Release Notes
Comments?
| 17
Imager 3.0.1 Release Notes Introduction These release notes apply to AccessData FTK Imager 3.0.1.
New and Improved Added
support for AD Encrypted images.
Bug Fixes Fixed
a problem where an exported directory listing included a size column, but no size data was populated in the column cells. (17425)
Comments? We value all feedback from our customers. Please contact us at [email protected], or send documentation issues to [email protected].
Imager 3.0.1 Release Notes
Introduction
| 18
