Endpoint Detection and Response (EDR) agents or aggressive third-party antivirus software may flag low-level forensic drivers as suspicious behavior (often classifying them as "Rootkits" or "Privilege Escalation" attempts because of how they bypass the file system).
Windows often blocks forensic drivers because they are not "signed" by Microsoft. You can temporarily disable this security feature. ftk imager could not start driver
Once the computer restarts, navigate to Troubleshoot > Advanced options > Startup Settings > Restart. Press 7 or F7 to "Disable driver signature enforcement." Try running FTK Imager once the system reboots. Endpoint Detection and Response (EDR) agents or aggressive
You can attempt to manually start the driver service using the Windows Service Controller by typing: net start [driver_service_name] or checking Windows Device Manager for hidden "Non-Plug and Play Drivers" to see if it is disabled. 5. Check for Third-Party Antivirus Blocks Once the computer restarts, navigate to Troubleshoot >