From the course: Incident Response: Evidence Collection in Windows
Join today to access over 22,500 courses taught by industry experts or purchase this course individually.
Imaging a drive with Forensic Imager
From the course: Incident Response: Evidence Collection in Windows
Imaging a drive with Forensic Imager
- [Narrator] When you're on the scene and collecting evidence, you may come across things such as external hard drives and USB drives. Now in the last video, I showed you how to capture these type of devices using FTK Imager, and we did that to capture a hard drive from our victim system. Now in this lesson I want to show you how you can use the dd program that's been ported to Windows. This is a command line tool that a lot of forensic investigators really like using. It's free, it's open source, and it works great. Now, from our Trusted Tools Directory, I do have the dd tool. So it's t underscore dd, and then we're going to type dash, dash, L-I-S-T, for list. When you do this it's going to list out every device that's connected to your system. In this case, the system I'm on is my forensic work station. I have the C Drive, which is my internal drive. I have the D Drive, which is a two gigabit thumb drive that's…
Practice while you learn with exercise files
Download the files the instructor uses to teach the course. Follow along and learn by watching, listening and practicing.
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.