From the course: Incident Response: Evidence Collection in Windows
Validating our trusted tool kit
- [Instructor] At this point, we've taken a USB drive, we've formatted it with all zeros, we've collected our trusted tools and hopefully, you've copied those tools onto your USB drive as you see here on the right side of my screen. Now, there's one more step we need to do and that's to make sure we give each of these tools a digital fingerprint so we know if they've been modified. The reason for this is if I'm plugging this USB drive into some victim machine, I have to make sure that victim machine hasn't modified my tools and made them untrustworthy. To do this, we're going to use a digital hash. There are three main types of digital hashes and we're going to use all three of them. It's MD5, SHA-1 and SHA-256. Now, as you downloaded those tools and installed them, you should have come across three programs. md5deep, sha1deep and sha256deep. Let me show you how we're going to use those in this video to make…
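The fingerprinting step described in the transcript above, as an added example that is not part of the course material: it records MD5, SHA-1 and SHA-256 for every file in a toolkit folder and later reports which files were modified, removed or added. It uses Python's `hashlib` rather than the md5deep, sha1deep and sha256deep programs the instructor names, and the file names and contents in `demo()` are constructed.

```python
import hashlib, os, tempfile

ALGOS = ("md5", "sha1", "sha256")  # the three hashes named in the lesson

def hash_file(path, chunk=1 << 20):
    """Return {algo: hexdigest} for one file, reading it once in chunks."""
    hashers = {a: hashlib.new(a) for a in ALGOS}
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {a: h.hexdigest() for a, h in hashers.items()}

def build_manifest(root):
    """Map each file's path (relative to root) to its three digests."""
    manifest = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = hash_file(full)
    return manifest

def verify(root, baseline):
    """Compare the toolkit as it is now against the baseline manifest."""
    current = build_manifest(root)
    return {
        "modified": sorted(p for p in baseline
                           if p in current and current[p] != baseline[p]),
        "missing": sorted(p for p in baseline if p not in current),
        "added": sorted(p for p in current if p not in baseline),
    }

def demo():
    """Constructed toolkit in a temp dir; names and contents are made up."""
    with tempfile.TemporaryDirectory() as root:
        for name, data in (("tool_a.exe", b"AAAA"), ("tool_b.exe", b"BBBB")):
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        baseline = build_manifest(root)      # taken before any deployment
        clean = verify(root, baseline)
        with open(os.path.join(root, "tool_a.exe"), "ab") as f:
            f.write(b"\x90")                 # simulate a modified tool
        with open(os.path.join(root, "dropped.dll"), "wb") as f:
            f.write(b"CCCC")                 # simulate a file that appeared
        os.remove(os.path.join(root, "tool_b.exe"))
        return clean, verify(root, baseline)

if __name__ == "__main__":
    print(demo())
```

Keep a copy of the baseline manifest somewhere the examined machine cannot write to, so the comparison does not depend on a file stored on the same USB drive.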
Contents
- Preparation is the key to success (6m 9s)
- Storage devices in Windows (4m 42s)
- Installing FTK Imager (1m 26s)
- Installing DD for Windows (1m 24s)
- Preparing your evidence collection drive (2m 48s)
- Creating a USB drive with trusted tools (9m 12s)
- Validating our trusted tool kit (4m 5s)