From the course: Cybersecurity Foundations: Computer Forensics
Static acquisition with open-source tools
- [Instructor] There are plenty of open-source utilities out there you can use to get an image of a drive. We'll use an open-source tool called dd to get an image of a USB drive. Our goal here is to get an image of an entire physical drive rather than a partition on the physical drive. Therefore, we'll be using /dev/sdb instead of /dev/sdb1 to refer to our USB drive. We've already looked at finding out how a USB drive is recognized in a file system on Linux. The command to use for our imaging task is very simple. Type sudo, space, dd, space, if. IF here stands for input file. Equal sign, forward slash, dev, forward slash, sdb, instead of sdb1, which is a partition. Next, type a space, and then of, equals sign. OF here stands for output file. After the equal sign, type the target file name of the image. Let's use dot, forward slash, usb, underscore, image. The dot here stands for the current directory. And then the…
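The following is an added example, not part of the course material. It wraps the same `dd if=... of=...` form in a check that the image matches the source by SHA-256, a step the excerpt above does not cover. The function name `acquire`, the file names, and the use of `sha256sum` are assumptions, and a constructed stand-in file takes the place of `/dev/sdb` so it runs without a real drive.

```shell
#!/bin/sh
# Added example: image a source with dd, then prove the copy matches by hash.

# acquire SRC IMG: returns 0 only if the image hash equals the source hash.
acquire() {
    src=$1
    img=$2
    # Never overwrite an existing image file.
    if [ -e "$img" ]; then
        echo "refusing to overwrite $img" >&2
        return 3
    fi
    # Hash the source before imaging.
    before=$(sha256sum < "$src" | cut -d' ' -f1) || return 2
    # Same if=/of= form as in the transcript; bs only sets the copy block size.
    dd if="$src" of="$img" bs=65536 2>/dev/null || return 2
    after=$(sha256sum < "$img" | cut -d' ' -f1)
    # Record the hash beside the image and make the image read-only.
    printf '%s  %s\n' "$after" "$(basename "$img")" > "$img.sha256"
    chmod a-w "$img"
    [ "$before" = "$after" ]
}

# Demo on a constructed 1 MiB stand-in file, so no device or sudo is needed.
demo_dir=$(mktemp -d)
dd if=/dev/urandom of="$demo_dir/fake_sdb" bs=65536 count=16 2>/dev/null
if acquire "$demo_dir/fake_sdb" "$demo_dir/usb_image"; then
    echo "verified: $(cat "$demo_dir/usb_image.sha256")"
else
    echo "hash mismatch or read error" >&2
fi
rm -rf "$demo_dir"
```

With a real drive the source would be `/dev/sdb` as in the transcript, and the script would run under sudo.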