Forensic Acquisition Tools

Sebastian
NET 182 W01
September 16, 2012
Chapter 4 Project Summary

Project 4-1

In this project I researched current acquisition tools. An acquisition tool is a program or hardware device used to read a digital source and then create either an image file or a clone of that source. There are many tools available today for computer forensics. They include both open source and proprietary software. Some of the more common tools are ProDiscover, SnapBack DatArrest, NTI SafeBack, DIBS USA RAID, ILOOK Investigator IXimager, Vogon International SDi32, ASRData SMART and the Australian Department of Defence PyFlag.

Case 4-2

In this case project I needed to make a fast disk image of the suspect hard drive. For this purpose I can use a Linux live CD and a USB drive (USB 3.0 with transfer of 625 MB/s):

1. Boot the target computer to Linux using the Linux boot CD (even if the computer is a Windows computer, you can boot it to Linux).

2. After booting to Linux, insert the USB thumb drive and mount it:

    mkdir /mnt/usbdrive
    mount /dev/sda1 /mnt/usbdrive

3. Then I execute the dd command by typing:

    dd if=/dev/hda6 of=/mnt/usbdrive/murder.img bs=4096

   This tells Linux to make a bit-stream copy from the input "file" ("if") /dev/hda6 (which is the E partition of the hard drive) to the output "file" ("of") /mnt/usbdrive/murder.img (which is a file called murder.img on the USB drive). The "bs" sets the block size to approximately 4K, which is a good size for many moderate-sized copying jobs.

4. Now I can unmount the USB drive by typing:

    umount /mnt/usbdrive

   This allows Linux to complete writing to the USB drive.

5. Now I have a bit-for-bit copy of the 10 GB partition E on the USB drive, in a file called murder.img.

Hands-on Project 4-3

In this project I created a FAT32 disk partition using Linux. These are the steps to create a FAT32 partition in Linux:

1. I boot the computer with Ubuntu Linux.
2. Then I connect an external hard drive.
3. At the shell, type #su > enter password > enter
4. To find the location of the hard drive I type #fdisk -l > enter, then #fdisk /dev/sdb c
   Command > p "display partitions". This shows the NTFS partition.
5. Command > d "delete a partition". This deletes the NTFS partition.
6. Command > n "add a new partition"
7. Command action > p "primary partition (1-4)"
8. Partition number (1-4) > 1
9. First cylinder > (enter for default)
10. Last cylinder > (enter for default)
11. Command > t "change partition system id"
12. Hex code (type L to list codes): b
13. Command > a "toggle a bootable flag"
14. Partition number (1-4) > 1
15. Command > p
16. Command > w "Write table to disk and exit!"
17. #mkdosfs -F 32 /dev/sdb1

Now the drive is formatted to FAT32.

Case Project 4-3

In this project we need to make an image of a disk which can't be removed from a computer with the Linux operating system. For the purpose of this project I used the same Linux live CD and followed the same steps as in project 4-2. What I learned is that the dd command can also be useful for backups. To back up an entire hard disk to another hard disk connected to the same system, we need to type:

    dd if=/dev/sda of=/dev/sdb

Hands-on Project 4-4

In this project I learned how to split data. To split files into a manageable size of 30 MB, I use the command:

    # dd if=/dev/ | split -d -b 30m - file.split.
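
The dd imaging in Case 4-2 and the split step in Hands-on Project 4-4 produce copies but do not show how to confirm they match the source. The shell script below is an added example, not part of the original project write-up: it hashes source and image with SHA-256 and checks that the split pieces rejoin to the same digest. The function names, the use of sha256sum, and the 1 MiB random file standing in for the suspect partition are assumptions of the example.

```shell
#!/bin/sh
# Added example: image a source with dd, then check by SHA-256 that the
# image and its split pieces match the source. All paths are constructed.

# Print only the SHA-256 hex digest of a file or device.
sha256_of() { sha256sum "$1" | awk '{print $1}'; }

# acquire SRC IMG: bit-stream copy with the block size used in Case 4-2,
# then compare digests. Returns 0 only when the image matches the source.
acquire() {
    src=$1; img=$2
    dd if="$src" of="$img" bs=4096 2>/dev/null || return 2
    img_hash=$(sha256_of "$img")
    # Keep the digest beside the image so it can be re-checked later.
    printf '%s  %s\n' "$img_hash" "$(basename "$img")" > "$img.sha256"
    [ "$(sha256_of "$src")" = "$img_hash" ]
}

# split_image IMG PREFIX SIZE: cut the image into numbered pieces and
# confirm that concatenating them in order reproduces the image exactly.
split_image() {
    img=$1; prefix=$2; size=$3
    dd if="$img" bs=4096 2>/dev/null | split -d -b "$size" - "$prefix" || return 2
    joined_hash=$(cat "$prefix"* | sha256sum | awk '{print $1}')
    [ "$joined_hash" = "$(sha256_of "$img")" ]
}

# Demo on a constructed 1 MiB random file (assumption: it stands in for
# the suspect partition). Prints the number of pieces on success.
demo() {
    work=$(mktemp -d) || return 2
    dd if=/dev/urandom of="$work/source.bin" bs=4096 count=256 2>/dev/null
    if acquire "$work/source.bin" "$work/murder.img" &&
       split_image "$work/murder.img" "$work/file.split." 300k; then
        set -- "$work"/file.split.*
        echo "$#"          # number of pieces written
        rc=0
    else
        rc=1
    fi
    rm -rf "$work"
    return "$rc"
}

demo
```

The two reads of the source only agree if nothing writes to it in between, so the source should not be mounted read-write while this runs.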