Junior Member
I know there is a Forensic mode live boot, but I need to install Kali Linux to make forensic images of disks and analyze them.
I would like to know if the graphical installion of Kali Linux is forensic.
I mean, if there is a swap partition it will not be used, no internal disk will be auto mounted and auto-mounting of removable media will be disabled.
In case graphical installion of Kali Linux is not forensic, could this feature be configured? How?
Senior Member
I think i saw somwwhre the usage of forensic mode is via usb, to boot to machine with it. Then examine from there.Originally Posted by gif
easy to start; hard to finish
Senior Member
I can't answer that but an additional hardware tool you might want to buy before doing any imaging is a write blocker. Something like that:
- https://www.amazon.com/SiForce-Prote...dp/B07BSXGLNY/
- https://www.amazon.com/Tableau-TK8u-...dp/B00YDEM30O/
Junior Member
Yes, that's an option, but it also can be done with forensic mode. Also, I need to make images of M.2 SSD disks that generally are not supported by write blockers.
Junior Member
Yes, I know I can do that. But I would like to have a forensic installation, similar to CAINE or DEFT.
Senior Member
Tableau has some hardware to handle them:https://www.guidancesoftware.com/tab...ardware/tda7-2
Junior Member
Thanks for your answer. I know about write blockers and I also have some of them. I'm trying to do a different thing, without hardware write blockers, similar to CAINE or DEFT.
Posting Permissions
