From the course: Incident Response: Evidence Collection in Windows
Join today to access over 22,600 courses taught by industry experts or purchase this course individually.
Preparing your evidence collection drive
From the course: Incident Response: Evidence Collection in Windows
Preparing your evidence collection drive
- [Instructor] Part of our preparation phase is making sure all of our tools are ready to go. So, one of the things we need to do is make sure that we have hard drives that are for us to collect evidence on. Before we can collect evidence onto a hard drive, though, we have to know the contents of that hard drive. So, I'm going to use a USB thumb stick here and connect it to my Windows 10 machine. Let's take a look at this. It's going to pop up and you're going to see that this D drive, this 64 gigabyte thumb drive, does have some folders on it that has files and stuff like that. Now, this is not a well-prepared thumb drive because there's things on it. Now, you can't just simply take this and delete it and empty the trash because there's still going to be residual on that hard drive or USB thumb stick. So, instead, what we need to do to properly format this, so that it's ready for us to use in a forensic investigation, is…
Practice while you learn with exercise files
Download the files the instructor uses to teach the course. Follow along and learn by watching, listening and practicing.
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.
Contents
-
-
-
(Locked)
Preparation in the key to success6m 9s
-
(Locked)
Storage devices in Windows4m 42s
-
(Locked)
Installing FTK Imager1m 26s
-
(Locked)
Installing DD for Windows1m 24s
-
(Locked)
Preparing your evidence collection drive2m 48s
-
(Locked)
Creating a USB drive with trusted tools9m 12s
-
(Locked)
Validating our trusted tool kit4m 5s
-
(Locked)
-
-
-
-
-
-