System Forensics

All your artifacts are belong to us.

SIFT Workstation: Video 2 – Acquire HDD/USB Drives via Command Line

Welcome back for my second video.

In this video we cover a couple of different applications for acquiring images from hard drives and USB drives. Before we can really analyze anything, we need some images to start with. During this video I am going to acquire an image from a USB thumb drive using dcfldd and ftkimage lite 2.9, both of which are pre-installed on SIFT. I will also show you how to use netcat so you can image a drive over the network.

To ensure we don’t make any changes to the original media, I am going to use a Wiebetech USB Writeblocker that I bought from Amazon (link/picture below) for around $180.00.
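
One way to script an acquisition like the one described above and prove the image matches the source, as an added example that is not from the original post or video. It uses plain `dd` and `sha256sum` so it runs anywhere; `acquire_image`, `hash_of` and the file names are hypothetical, and the source is assumed to be attached through the write blocker.

```shell
#!/bin/sh
# Added example: acquire a raw image and verify it against the source.
# Assumptions: SRC is the write-blocked device or any readable file;
# function names and output file names are hypothetical.

# Print the SHA-256 digest of a file or block device.
hash_of() {
    out=$(sha256sum "$1") || return 1
    echo "${out%% *}"
}

# acquire_image SRC DEST
# Copies SRC to DEST, records both digests in DEST.sha256 and returns
# 0 only if the image is bit-for-bit identical to the source.
acquire_image() {
    src=$1
    dest=$2

    [ -r "$src" ] || { echo "cannot read $src" >&2; return 2; }
    # Refuse to overwrite an existing evidence file.
    [ ! -e "$dest" ] || { echo "$dest already exists" >&2; return 2; }

    # Digest of the original media before the copy.
    src_hash=$(hash_of "$src") || return 2

    # Raw copy. dcfldd takes the same if=/of=/bs= operands and can hash
    # during the copy (hash=sha256 hashlog=FILE) instead of re-reading.
    dd if="$src" of="$dest" bs=1M 2>/dev/null || return 2

    # Digest of the acquired image after the copy.
    img_hash=$(hash_of "$dest") || return 2

    # Keep a hash log next to the image for the case notes.
    {
        echo "source $src_hash $src"
        echo "image  $img_hash $dest"
    } > "$dest.sha256"

    # Evidence files should not be modified after acquisition.
    chmod a-w "$dest" "$dest.sha256"

    [ "$src_hash" = "$img_hash" ]
}
```

A non-zero return with a hash log present means the copy completed but the digests differ, so the image should be re-acquired before any analysis.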


