• How F-Response Saved Christmas

    Posted on December 23, 2011 by Lee Whitfield in Uncategorized.

    Those who know me will attest to the fact that I love F-Response but today it really came to the rescue.

    I’m doing an imaging job in the Dallas area. The client wants me to image four servers, three of which are business critical and can’t be out of use between 6am and 7pm.

    So, these servers are so old that they make Ken Pryor look like a teenager…

    At first I tried using FTK Imager (portable version) but that ended up crashing one of the servers (yikes). Thankfully the crash was over night and it was back up in time for the start of the working day.

    Next I tried DCFLDD. This worked for two of the servers (bearing in mind that I had to do this over USB 1.1). This was painstakingly slow but it worked. However, the other two servers were simply unable to cope with being imaged. They would continually lock up or lose connectivity to the USB drives.

    I tried netcat. No dice.

    I exhausted all of my practical possibilities.

    Finally we all decided to take the servers offline tonight and tomorrow night. We were going to image a 2TB server with SATA drives (yes, they had both IDE and SATA in their servers, as well as SCSI). If a boot disc wasn’t going to work I was going to have to image SATA drives (simple enough) and SCSI drives (shoot me in the head) with a Tableau write-blocker. My SATA write-blocker has eSATA so that would go pretty quick, but my SCSI write-blocker is USB. So, a bunch of SCSI drives to image, one at a time mind you. Then would come the painstaking effort of reassembling the RAID in some software tool.

    I could see what was going to happen. I was going to spend every evening from now until next week sitting in a cold server room imaging SCSI drives. I was going to cry.

    Thankfully the lab is armed with a copy of F-Response – Consultant Edition.

    After a little tinkering I was able to plug a laptop into the network and mount the drives from the problematic servers. Within a couple of hours the worst of the two servers was completely imaged and the largest of the servers was in progress.

    Tonight I am sat at home in the company of my gorgeous wife wrapping presents for the kids instead of  sitting in front of a laptop watching a status bar crawl, very slowly, across the screen.

    Thanks F-Response.

One Responseso far.

  1. Rick Mizell says:

    That is the perfect example of one may never have enough tools in one’s toolbox.

    Good story and Merry Christmas.

Leave a Reply

Your email address will not be published. Required fields are marked *