Join Jungwoo Ryoo for an in-depth discussion in this video Static acquisition with an open-source tool, part of Learning Computer Forensics.
…There are commercial tools you can use to get an image of a USB drive or…any other types of drives but…there also plenty of open source utilities out there you can use to get an image.…In this case,…we'll try to use an open source tool called dd to get an image of a USB drive.…Before we do anything let's try to see the name of the USB drive attached to…this machine.…We can do that by typing f disk and then the option is l.…
And we need sudo in front of…it because f disk requires a diminished rate of privilege to run.…Press Enter and now you see the USB drive showing up as DVSDD1.…In this case our goal is to get an image of…an entire physical drive rather than a partition on the physical drive.…Therefore, we'll be using dvsdd instead of dvsdd1 to refer to our USB drive.…
The command is very simple, just type dd, IF stands for input file.…So in this case dev, sdd, instead of sdd 1, which is a partition,…now we are referring to an entire physical drive, and then simply type…o f or output file, and then the target file name of the image.…
- Understanding computer forensics
- Understanding partitioning
- Using a hex editor
- Preparing a target drive
- Acquiring data
- Ensuring data integrity with hashing
- Indexing and searching
- Generating a report
Skill Level Intermediate
Q: Which operating systems support built-in write blocking?
Q: Are there other ways to access deleted files in the usbimage.001 file?
Small Office Networking to Connect, Share, and Printwith Garrick Chow3h 23m Appropriate for all
Heartbleed Tactics for Small IT Shopswith David Gassner16m 39s Beginner
1. Understanding Computer Forensics
2. Preparing for a Computer Forensics Investigation
3. Preserving Data
4. Acquiring Data
5. Analyzing Data
Next steps1m 1s
- Mark as unwatched
- Mark all as unwatched
Are you sure you want to mark all the videos in this course as unwatched?
This will not affect your course history, your reports, or your certificates of completion for this course.Cancel
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
1:30Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.