From the course: CompTIA Security+ (SY0-601) Cert Prep: 9 Operations and Incident Response

Creating forensic images

- [Instructor] Once you've connected a drive that you'd like to image to a write-blocker, you can use disk acquisition tools to create a snapshot of that drive for forensic analysis. Let's take a look at how you can do this using tools on Linux and Windows systems. We'll begin by using the dd utility on a Linux system. The dd command allows you to create images of drives. I have a drive that I'd like to image attached to this system as /dev/sdf. Let's go ahead and create an image file for it. First, I'm going to use the sudo command because creating this image requires administrative privileges. And with sudo, I'll use the dd utility. The next thing I need to provide is the source, the input for this image. I'm going to set my input =/dev/sdf, the device that I would like to create an image of. Then I need to provide an output location. I do that by setting "of=" the name of the file that I'd like to store the image in.…
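
One way to script the dd acquisition described above and confirm that the image matches the source, as an added example that is not part of the course material. The SHA-256 comparison, the bs value, the refusal to overwrite, and the function names sha256_of and image_and_verify are assumptions introduced here.

```shell
#!/bin/sh
# Added example: image a source with dd, then confirm the copy by hash.
# SRC would be the write-blocked device (/dev/sdf in the transcript); a
# regular file is read the same way, so the function can be tried safely.

# Print the SHA-256 digest (hex only) of a file or device.
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# image_and_verify SRC IMAGE
# Copies SRC to IMAGE with dd, records the digest in IMAGE.sha256, and
# returns 0 only if the image digest equals the source digest.
image_and_verify() {
    src=$1
    image=$2

    # Refuse to overwrite an existing image: evidence files are write-once.
    if [ -e "$image" ]; then
        echo "refusing to overwrite $image" >&2
        return 2
    fi

    # if= names the input and of= names the output, as in the transcript.
    # bs is an assumption chosen for throughput; it does not alter the data.
    dd if="$src" of="$image" bs=65536 2>/dev/null || return 3

    src_hash=$(sha256_of "$src") || return 3
    img_hash=$(sha256_of "$image") || return 3

    # Keep the digest beside the image so it can go into the case notes.
    printf '%s  %s\n' "$img_hash" "$image" > "$image.sha256"

    # Mark the image read-only so later analysis does not modify it.
    chmod 0444 "$image"

    [ "$src_hash" = "$img_hash" ]
}

# Against a real drive this needs root, for example from a root shell:
#   image_and_verify /dev/sdf evidence.img   (evidence.img is a placeholder)
```

A non-zero return after the copy means the source and image digests differ, so the image should not be used for analysis.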
