IBM AS400 - Forensi...
 
Notifications
Clear all

IBM AS400 - Forensic Acquisition Questions

2 Posts
2 Users
0 Likes
398 Views
(@tharr4000)
Posts: 1
New Member
Topic starter
 

Looking to run a full disk acquisition of several IBM AS400 systems running the OS/400 operating system. Has anyone accomplished this?

I know that the system itself won't run the normal 3rd party tools like FTK Imager… does the OS have some native 'dd' equivalent that I'm not finding?

My other thought would be to try and boot to some Linux distro and capture that way, but will this even do any good with the proprietary file system the OS uses? Would I be able to possibly virtualize the server later to run further analysis?

 
Posted : 12/08/2019 3:40 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

You can always take the disks out and image them on *any* machine through a writeblocker with a suitable interface.

But what will you do with such images?

I mean you will need anyway the assistance of an AS/400 expert, to access and interpret the contents of these images, won't you?

And no, I don't think that there are AS/400 emulators, let alone tested ones for forensic scopes. (

jaclaz

 
Posted : 13/08/2019 7:01 am
Share: