From the course: CompTIA Security+ (SY0-601) Cert Prep: 9 Operations and Incident Response
Creating forensic images
- [Instructor] Once you've connected a drive that you'd like to image to a write-blocker, you can use disk acquisition tools to create a snapshot of that drive for a forensic analysis. Let's take a look at how you can do this using tools on Linux and Windows systems. We'll begin by using the dd utility on a Linux system. The dd command allows you to create images of drives. I have a drive that I'd like to image attached to this system as /dev/sdf. Let's go ahead and create an image file for it. First, I'm going to use the sudo command because creating this image requires administrative privileges. And with sudo, I'll use the dd utility. The next thing I need to provide is the source, the input for this image. I'm going to set my input = /dev/sdf, the device that I would like to create an image of. Then I need to provide an output location. I do that by setting "of=" the name of the file that I'd like to store the image in.…
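The dd invocation described above, as an added example that is not part of the course material: a hypothetical helper `acquire_image` runs dd with the same `if=`/`of=` arguments, then compares SHA-256 hashes of source and image. The hash check, the block size and all file names are assumptions, and a constructed file stands in for /dev/sdf so the block runs without root.

```shell
# acquire_image SRC IMG  (hypothetical helper, not a standard tool)
# Copies SRC to IMG with dd, then hashes both and fails on any difference.
acquire_image() {
    src=$1
    img=$2
    if [ ! -r "$src" ]; then
        echo "cannot read source: $src" >&2
        return 2
    fi
    if [ -e "$img" ]; then
        # Never overwrite an existing image; it may already be evidence.
        echo "refusing to overwrite: $img" >&2
        return 3
    fi
    # Same if=/of= form as in the transcript. dd reports its transfer
    # statistics on stderr; keep them in a log next to the image.
    dd if="$src" of="$img" bs=1M 2>"$img.dd.log" || return 4
    # Hash the source and the copy independently.
    src_hash=$(sha256sum < "$src" | cut -d' ' -f1)
    img_hash=$(sha256sum < "$img" | cut -d' ' -f1)
    # Record the image hash in sha256sum -c format for later re-verification.
    printf '%s  %s\n' "$img_hash" "$(basename "$img")" > "$img.sha256"
    if [ "$src_hash" != "$img_hash" ]; then
        echo "hash mismatch: source=$src_hash image=$img_hash" >&2
        return 1
    fi
    chmod a-w "$img"    # analysis should work on copies, not this file
    echo "$img_hash"
}

# Constructed stand-in for /dev/sdf so the example runs without root or a
# real drive. The size is deliberately not a multiple of the block size.
workdir=$(mktemp -d)
head -c 3000000 /dev/urandom > "$workdir/evidence.raw"
acquire_image "$workdir/evidence.raw" "$workdir/evidence.dd"
```

For a real drive, pass the device path (the transcript's /dev/sdf) as SRC and run with root privileges.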