From the course: CompTIA CySA+ (CS0-002) Cert Prep: 6 Incident Response
Creating forensic images
- [Instructor] Let's take a look at the process used to create forensic images once you've connected a drive that you'd like to image to a Linux or Windows system using a write blocker. We'll begin by using the dd utility on a Linux system. The dd command allows you to create images of drives. I have a drive that I'd like to image attached to this system as /dev/sdf. Let's go ahead and create an image file for it. First, I'm going to use the sudo command because creating this image requires administrative privileges, and with sudo, I'll use the dd utility. The next thing I need to provide is the source, the input for this image. I'm going to set my input equal to /dev/sdf, the device that I would like to create an image of. Then I need to provide an output location. I do that by setting O-F equal to the name of the file that I'd like to store the image in. I'll call it myimage.img. I'm also going to add…
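The dd step described above, as an added example that is not part of the course material: it images a source with the same if= and of= arguments and then goes one step beyond the excerpt by confirming the copy with a SHA-256 comparison. The function name, the block size, the overwrite check and the .sha256 sidecar file are assumptions of this example; against a real device such as /dev/sdf it has to run with sudo.

```shell
#!/bin/sh
# Added example, not from the course: image a source with dd and
# confirm that the image is a bit-for-bit copy.
# Usage: image_and_verify SOURCE IMAGE   (e.g. /dev/sdf myimage.img)
# Prints the SHA-256 of the image on success.
# Return codes: 0 ok, 1 hash mismatch, 2 image exists, 3 dd failed.
image_and_verify() {
    src=$1
    img=$2

    # Never overwrite an image that already exists.
    if [ -e "$img" ]; then
        echo "refusing to overwrite $img" >&2
        return 2
    fi

    # if= is the input (the drive), of= is the output image file.
    # bs=65536 is an assumed block size chosen only for speed.
    dd if="$src" of="$img" bs=65536 2>/dev/null || return 3

    # Hash the source and the image separately. Behind a write blocker
    # the source cannot change between the two reads.
    src_hash=$(sha256sum < "$src" | cut -d' ' -f1)
    img_hash=$(sha256sum < "$img" | cut -d' ' -f1)
    if [ "$src_hash" != "$img_hash" ]; then
        echo "hash mismatch: source $src_hash, image $img_hash" >&2
        return 1
    fi

    # Record the verified hash beside the image, in sha256sum format,
    # and make the image read-only.
    printf '%s  %s\n' "$img_hash" "$(basename "$img")" > "$img.sha256"
    chmod a-w "$img"
    echo "$img_hash"
}

# Offline demonstration on a constructed file instead of a real drive.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'constructed sample data standing in for a drive\n' > "$dir/source.bin"
    image_and_verify "$dir/source.bin" "$dir/myimage.img"
    rc=$?
    rm -rf "$dir"
    return $rc
}
```

The recorded hash can be rechecked later by running sha256sum -c myimage.img.sha256 from the directory that holds the image.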