Join Jungwoo Ryoo for an in-depth discussion in this video Static acquisition with dcfldd (forensic DD), part of Learning Computer Forensics.
…DCFLDD is a forensic version of DD.…It is also an open source computer forensics tool.…This lesson will teach you how to use DCFLDD to…statically acquire an image from a USB drive.…Let's first check how your USB drive is represented on your operating system.…Type sudo fdisk-l press Enter.…I already use the sudo command all year, which is why it's not asking for…a password.…
So, you may have to type in your password before this step.…Next, type sudo, dcfldd, and…then input file, which is devsdd.…Dvsdd is how your USB drive is represented on this computer.…Depending on your setting, your USB drive may be showing up differently.…Now type OF of a file and…then we'll name the image as USB image.dd.…
We'll use a couple more options here which is not available to dd.…We'll use hash and say md5 and…we'll also say hash log and then the name of the log file, USB image.log.…What this will do is, by the end of the imaging process,…it will be producing an MD5 hash value of your image.…And then store it in the USB image that log file.…
- Understanding computer forensics
- Understanding partitioning
- Using a hex editor
- Preparing a target drive
- Acquiring data
- Ensuring data integrity with hashing
- Indexing and searching
- Generating a report
Skill Level Intermediate
Q: Which operating systems support built-in write blocking?
Q: Are there other ways to access deleted files in the usbimage.001 file?
Small Office Networking to Connect, Share, and Printwith Garrick Chow3h 23m Appropriate for all
Heartbleed Tactics for Small IT Shopswith David Gassner16m 43s Beginner
1. Understanding Computer Forensics
2. Preparing for a Computer Forensics Investigation
3. Preserving Data
4. Acquiring Data
5. Analyzing Data
Next steps1m 1s
- Mark as unwatched
- Mark all as unwatched
Are you sure you want to mark all the videos in this course as unwatched?
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
1:30Press on any video thumbnail to jump immediately to the timecode shown.