Lect99 - Special Questions Flashcards by Yves Sturzenegger | Brainscape

Q

What are the steps when you would like to acquire a media?

A

Prep target disk => # dc3dd wipe=/dev/sdb
Check available disk space: # df -h
Create dest folder: # mkdir /mnt/evidence
Boot suspect with linux boot disk
Mount target disk
Check source drive: # lsblk or lsscsi or lsusb
Collect media details: # hdparm -I /dev/sdX
Hash source media: # sha1sum /dev/sdX
Collect evidence: # dd or # dc3dd or # ewfacquire

How well did you know this?

1

Not at all

2

3

4

5

Perfectly