From the course: Incident Response: Evidence Collection in Windows

Verification of data collected

- [Instructor] At this point in our evidence collection, we've collected all of the volatile and the non-volatile information that we can while the system is up and running. But before we shut down the system, we want to make sure we create hashes of all of the evidence we've collected. Now, to do this, I have on the left side my command prompt and I'm in the Trusted Tools directory. On the right side, I'm inside the Evidence folder on my D drive. And you can see there we have our memory captures, we have our page files, and we have a bunch of text files which were the output of our T commands, as we went through and did all of our evidence collection. So to be able to do this, what we want to do is go into our command prompt, and we're going to run a program called md5deep. And this is going to create an MD5 hash of all of the files that I tell it to. Which files do I want to do that on? Well, I want to do it on…
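An added example, not part of the course material and not using md5deep: a Python sketch of the same idea, hashing every file in an evidence folder before shutdown and re-checking the folder later. The function names, the sample file names and the choice to record SHA-256 alongside MD5 are assumptions made for this illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def hash_file(path, chunk=1 << 20):
    """Return (md5, sha256) hex digests, reading in chunks so memory images fit."""
    md5, sha = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            md5.update(block)
            sha.update(block)
    return md5.hexdigest(), sha.hexdigest()

def build_manifest(evidence_dir):
    """Map each file's path (relative to evidence_dir) to its digests."""
    root = Path(evidence_dir)
    return {p.relative_to(root).as_posix(): hash_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify(evidence_dir, manifest):
    """Re-hash the folder and report files that changed, vanished or appeared."""
    current = build_manifest(evidence_dir)
    return {
        "modified": sorted(n for n in manifest
                           if n in current and current[n] != manifest[n]),
        "missing": sorted(n for n in manifest if n not in current),
        "unexpected": sorted(n for n in current if n not in manifest),
    }

def demo():
    """Constructed sample evidence folder; file names are placeholders."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "memory.raw").write_bytes(b"\x00" * 4096)
        (root / "netstat.txt").write_text("constructed sample output\n")
        manifest = build_manifest(root)      # taken before shutdown
        clean = verify(root, manifest)       # nothing touched yet
        (root / "netstat.txt").write_text("edited after collection\n")
        (root / "memory.raw").unlink()
        (root / "extra.txt").write_text("added later\n")
        return clean, verify(root, manifest)

if __name__ == "__main__":
    clean, tampered = demo()
    print("before changes:", clean)
    print("after changes: ", tampered)
```

Keep the saved manifest outside the evidence folder so that writing it does not itself show up as an unexpected file on the next check.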