Ftk Imager Could Not Start Driver New __hot__ | PROVEN ✦ |
When encountering an issue like "FTK Imager could not start driver," it typically points to a problem with the device or driver that FTK Imager is trying to access. FTK Imager is a popular tool used in digital forensics for creating forensic images of drives and other storage media. Here are some steps and considerations to troubleshoot and potentially resolve the issue:
What If Nothing Works? Alternative Forensic Tools
If you cannot resolve the driver error and need immediate disk imaging, consider these alternatives that do not rely on problematic kernel drivers:
| Tool | Description | Driver Requirement |
| :--- | :--- | :--- |
| DD (Command Line) | dd if=\\.\PhysicalDrive0 of=image.dd works via Windows raw device handles, no special driver. | None |
| Guymager | Linux-based imager (run via WSL or Live USB). | Linux native drivers |
| Caine / Paladin | Bootable forensic Linux distros that bypass Windows entirely. | None |
| R-Studio | Commercial data recovery tool that can create E01 images using its own certified drivers. | Signed driver (works out of box) |
Preventing the Error on Future Reboots
If you disabled driver signature enforcement or Memory Integrity just to run FTK Imager, you will have to repeat those steps after each reboot. That is burdensome. Here is the permanent professional solution: ftk imager could not start driver new
3. Lack of Administrator Privileges
Starting a kernel driver requires elevated rights. If you launch FTK Imager without "Run as administrator", the driver installation/start request will be denied.
Step-by-Step Solutions to Fix "Could not start driver new"
Start with the simplest fix and work your way down the list.
Solution 4: Manually Remove Leftover Driver Files
If the error persists, a previous FTK Imager instance may have left a locked driver. When encountering an issue like "FTK Imager could
- Open Command Prompt as Administrator.
- Type the following commands, pressing Enter after each:
sc stop ewf sc delete ewf fltmc unload ewf - Navigate to
C:\Windows\System32\drivers\and look for files namedewf.sysorftkimager.sys. If found, rename them toewf.old. - Reboot your machine.
- Reinstall FTK Imager (fresh download from Exterro/AccessData).
4. Existing Driver Conflict or Stuck Service
If a previous FTK driver failed to unload, Windows may refuse to start a new one.
Steps:
- Open CMD as Admin
sc stop ftkimager(if service exists)sc delete ftkimager- Reboot PC
- Run FTK Imager as Admin
Solution 3: Check for Conflicting Drivers (The "Delete" Method)
If you have used other forensic tools (like OSFMount or older versions of FTK), they may have left behind a driver named dawidrv or ftkimager that is now conflicting. Open Command Prompt as Administrator
- Open Device Manager (Right-click Start button > Device Manager).
- Click the View menu and select Show hidden devices.
- Expand the Non-Plug and Play Drivers section.
- Look for drivers related to "AccessData" or "FTK."
- Right-click them and select Uninstall.
- Reboot the computer and try FTK Imager again.
Conclusion
The error "FTK Imager could not start driver new" is a security feature, not a bug. Modern Windows versions are actively blocking legacy forensic drivers to protect against rootkits. As a forensic examiner, you must decide: either lower security settings on your dedicated workstation, or upgrade to a newer forensic toolset that uses Microsoft-certified drivers.
For most users, Solution 2 (Disable Signature Enforcement temporarily) or Solution 3 (Disable Memory Integrity) will resolve the issue instantly. If you are in a corporate environment with strict IT policies, reach out to your security team to have the FTK Imager driver explicitly allowed.
Remember: FTK Imager is a read-only tool, and its driver is safe. Once you bypass the block, you can return to what matters—preserving evidence and finding the truth.
Keywords: FTK Imager could not start driver new, FTK Imager driver error, fix FTK Imager Windows 11, EWFsys error, forensic driver signature enforcement, AccessData FTK Imager not starting.