Description: In this video I will show you how to make a bit-for-bit copy of your suspect hard drive.
We will be using the tool ewfacquire within Helix to create the evidence files, and it will be these evidence files that we will analyse in the next video.
Hope you enjoy this video.
Please leave comments.
Tags: education, forensics, digital forensics
Vid has been removed as it's too long - How annoying.
Can you upload again or to vimeo?
No worries. Will upload now and submit the link. Sorry!
Thank you very much :)
Awesome, thanks a lot mate.
I learned something new for sure :D Thanks
keep the videos coming!
great video!
do you suggest reading any book about forensics? do you analyze malware too?
can you tell us a little bit about your job? (what you do, when, how etc.)
Thanks.
can you explain how to mount the target system as read-only? (for those of us who don't have a write blocker)
@LordJonesII - Thanks very much! Diolch! As far as mounting as read-only, you can do it using (I think) the -ro switch in Linux, however if you only want to acquire the drive, you can just follow the instructions in the video. You won't need to mount it. You can also mount the evidence files later on, using a couple of other tools I'll talk about. Hope this answers your question.
@YS - Thanks very much. I'll have a look through my books and see what I can dig up for you. Windows Forensic Analysis by Harlan Carvey is awesome. I would recommend browsing blogs. Forensics From The Sausage Factory is a good one. I'll look through my bookmarks and see what I can dig out for you. If I don't come back to you, remind me.
@Everyone Else - thank you very much for your comments. I am currently working on FE4 - I PROMISE there'll be forensics involved, so it'll be a bit more exciting!
@YS - sorry, didn't answer your question. I've worked in digital forensics for six years. I've worked with law enforcement and private. I currently live and work in Wales, UK.
All right!
In the US the Wiretap Act, Pen registers and trap and trace devices statute, and Stored Wired and Electronic Communication Act are what we need to be familiar with for forensics.
Thanks very much for that, hackfupanda! That's exactly the kind of info I want people to look into if they're interested in this topic. Do you work in forensics?
Very very nice series you got going here! I love it! Perfect complement to my CS studies :D
Thanks very much, span! Appreciate you taking the time to watch and comment. Part 5 goes up tonight.