From the course: Incident Response: Evidence Collection in Windows
Join today to access over 22,600 courses taught by industry experts or purchase this course individually.
Graceful shutdown
From the course: Incident Response: Evidence Collection in Windows
Graceful shutdown
- [Instructor] At this point, we've collected everything we need, and we've verified all our hashes, and we need to shut down the computer. Now, you don't want to shut down the computer like you normally would your computer at home. We don't want to go to the Windows button, click on that, and then click the power button and say "power off." The reason for that is if you do that, it gives the computer time to write files to the disk and to close things out, which can modify the contents of that hard drive. So instead, we want to use the command line to do this, and we'll use the command, shutdown /s, which tells us to terminate all the applications without saving any of the data, and then /t, this tells us to do it at a certain time, and then space 1, which says, "do it one second "after I hit enter." So as I hit enter here, we are going to terminate all the applications, it's going to shut everything down, and it's going to…
Practice while you learn with exercise files
Download the files the instructor uses to teach the course. Follow along and learn by watching, listening and practicing.
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.