Devices
From Digital Forensics Framework
This module is used to select a device of the local host and perform a live analysis on it.
|
|
To analyze a device, DFF musts be launched with administrator privileges. To do so under Windows Vista, you can read this entry of the FAQ. Under Linux, use sudo or su. |
First method
To open a device, you will need to click on the Add device button on the left of the Application toolbar. The following dialog box will be displayed :
In the Device list, all the available devices of your systems will be listed. You just have to pick up the one you want to analyze. Once you have made your choice, click on the OK button. The dialog box will be closed.
Second method
You also can add evidence files or devices through the Application menu -> File -> Open evidence file(s) and Application menu -> File -> Open local device. Some values can be configured using this method.
The available options are :
- Name : the name of the node you are about to create (by default, the name of the device, such as sda1 or C:).
- Parent : the name of the parent of the node that will be created (Local device by default).
- Path : the path to the device on your local host (/dev/sda1 for example).
- Size : the size of the device (by default, the actual size of the device).