Hardware/Software Setup Required
dd for Windows (available at http://www.chrysocome.net/dd)
Any distribution of Linux. For this exercise, we are using the Knoppix 5.1 Live CD available at http://www.knoppix.net/.
Problem Description
When investigating a computer-related crime, you should never work directly with the information stored in the computer hard disk (or any other storage medium). Instead, you should perform a bit-stream copy of the disk and analyze the data using this forensic copy. In this exercise, you are asked to create a forensic copy (image) of a flash drive connected to a Windows-based computer using the dd command. Then, you will need to mount the acquired image on a Linux box and explore the content of the flash drive.
Estimated completion time: 1 hour
Outcome
Report the steps you need to perform these tasks.
Validation/Evaluation
• To acquire the image, you need to know the device name that dd uses for the flash drive (not the Windows drive letter). How can you find out the name of the device using dd?
• How can you force dd to display progress information when acquiring the image?
• Is the image mounted for read-only operations?
• How can you mount the image with read-only permissions?
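The following script is an added example for this exercise and is not part of the original lab text. The acquisition step is shown as comments (it is typed into an Administrator command prompt on the Windows box, using the `--list` and `--progress` options of the chrysocome dd build); the shell functions cover the Linux side: hashing the image, computing the byte offset of a partition inside a whole-device image, mounting it read-only, and confirming from /proc/mounts that it really is read-only. The device name `\\?\Device\Harddisk1\Partition0`, the evidence path `E:\case01\usb.dd`, the mount point `/mnt/evidence` and the start sector 2048 are assumptions made for the example.

```bash
#!/bin/bash
# Added example for the dd flash-drive exercise; not the original lab's code.
#
# --- Windows side (assumed device and paths; run as Administrator) ---------
#   dd --list
#       lists block devices in the \\?\Device\HarddiskN\PartitionM form that
#       dd expects; Partition0 is the whole device, not a single partition.
#   dd if=\\?\Device\Harddisk1\Partition0 of=E:\case01\usb.dd bs=1M --progress
#       bit-stream copy of the whole flash drive to a separate evidence drive;
#       --progress prints bytes copied while the copy runs.
#   Hash the drive before and after the copy so any change caused by Windows
#   automounting the stick is visible in the report.
#
# --- Linux side (Knoppix) ---------------------------------------------------

# Compare the SHA-256 of the image with the hash recorded at acquisition.
# Returns 0 if they match, 1 otherwise.
verify_image() {
    image="$1"; expected="$2"
    actual=$(sha256sum "$image" | awk '{print $1}')
    [ "$actual" = "$expected" ]
}

# Byte offset of a partition inside a whole-device image.
# start sector comes from `fdisk -l usb.dd` (or `mmls usb.dd`), sector size
# is normally 512 for a flash drive.
partition_offset() {
    start="$1"; sector="${2:-512}"
    echo $((start * sector))
}

# Mount options for a forensic mount: read-only, via a loop device, and with
# no execution, setuid or device nodes honoured from the evidence filesystem.
mount_ro_options() {
    offset="$1"
    echo "ro,loop,noexec,nosuid,nodev,offset=${offset}"
}

# Mount an image read-only. Needs root; shown here for completeness, not
# called by the checks below.
mount_image_ro() {
    image="$1"; mountpoint="$2"; start="$3"
    mkdir -p "$mountpoint"
    mount -o "$(mount_ro_options "$(partition_offset "$start")")" \
        "$image" "$mountpoint"
}

# Given the text of /proc/mounts and a mount point, return 0 only if that
# mount point is present and its option list contains "ro".
# /proc/mounts fields: device mountpoint fstype options dump pass
mount_is_ro() {
    mounts="$1"; mp="$2"
    printf '%s\n' "$mounts" | awk -v mp="$mp" '
        $2 == mp { n = split($4, o, ","); for (i = 1; i <= n; i++) if (o[i] == "ro") found = 1 }
        END { exit(found ? 0 : 1) }'
}

# Typical use after mounting (assumed paths):
#   verify_image /media/evidence/usb.dd "$RECORDED_SHA256" || echo "HASH MISMATCH"
#   mount_image_ro /media/evidence/usb.dd /mnt/evidence 2048
#   mount_is_ro "$(cat /proc/mounts)" /mnt/evidence && echo "read-only OK"
```

The check against /proc/mounts is the answer to the "is the image mounted read-only?" question: `mount` output can be trusted too, but /proc/mounts is what the kernel actually applied, so a forgotten `ro` (or a filesystem driver that remounted read-write) shows up there.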