Sample of Tools for Forensic Examination - Video 3 (20 minutes)

Linux dd

 

Lecture Overview:

 

• How to image and verify a drive using Linux. Use dd to image a drive in Linux, obtain file information with file, and multiple methods to create and view hashes.:

 

• Disable Automount - (1:40)
• Image a drive - (5:40)
• file command - (7:52)
• Hash the image file - (8:37)
• Create a MD5 of a device - (13:02)
• Verify hash in FTK Imager - (15:45)
• Verify has in ProDiscover - (16:26) 

 

Download:

 

• (Right click this link and use "Save As...") Linux Image Verification

 

Additional Supporting Material:

•  DFI News, Validation of Forensic Tools and Software
• Zdziarski, J. The importance of forensic tools validation

 

All Course Lectures  

 

 

You now
Someone else 20 mins ago
Someone else 47 mins ago
Someone else 51 mins ago
Someone else 58 mins ago
Someone else 1 hr ago
Someone else 1 hr ago
Someone else 2 hrs ago
Someone else 2 hrs ago
Someone else 4 hrs ago