Saturday, May 18, 2019

Forensic Acquisition Tools

Sebastian
NET 182 W01
September 16, 2012
Chapter 4 Projects

Project 4-1

In this project I researched current acquisition tools. An acquisition tool is a program or hardware device used to read a digital source and then create either an image file or a clone of that source. Many tools are available today for computer forensics, both open source and proprietary. Some of the more common ones are ProDiscover, SnapBack DatArrest, NTI SafeBack, DIBS USA RAID, ILook Investigator IXimager, Vogon International SDi32, ASRData SMART and the Australian Department of Defence's PyFlag.

Case Project 4-2

In this case project I need to make a quick image of the suspect's drive. For this I can use a Live Linux CD and a USB drive (USB 3.0, with a transfer rate of 625 MB/s).

1. Boot the target computer to Linux from the Linux boot CD (even if the computer is a Windows computer, it can be booted to Linux).
2. After booting to Linux, insert the USB thumb drive and mount it:
   mkdir /mnt/usbdrive
   mount /dev/sda1 /mnt/usbdrive
3. Then execute the dd command:
   dd if=/dev/hda6 of=/mnt/usbdrive/murder.img bs=4096
   This tells Linux to make a bit-stream copy from the input file (if) /dev/hda6 (the E partition of the hard drive) to the output file (of) /mnt/usbdrive/murder.img (a file called murder.img on the USB drive). bs sets the block size to 4K (4096 bytes), which is a good size for many moderately sized copying jobs.
4. Now unmount the USB drive:
   umount /mnt/usbdrive
   This lets Linux finish writing to the USB drive.
5. Now I have a bit-by-bit copy of the 10 GB partition E on the USB drive, in a file called murder.img.

Hands-on Project 4-3

In this project I created a FAT32 disk partition using Linux. These are the steps to create a FAT32 partition in Linux:

1. Boot the computer with Linux Ubuntu.
2. Connect an external hard drive.
3. At the shell prompt type su, press Enter, type the password and press Enter.
4. To find the location of the hard drive, type fdisk -l and press Enter, then fdisk /dev/sdb, then command c. Command p displays the partitions; this shows the NTFS partition.
5. Command d deletes a partition; this deletes the NTFS partition.
6. Command n adds a new partition.
7. Command action: p (primary partition, 1-4).
8. Partition number (1-4): 1
9. First cylinder: press Enter for the default.
10. Last cylinder: press Enter for the default.
11. Command t changes the partition system id.
12. Hex code (type L to list codes): b
13. Command a toggles the bootable flag.
14. Partition number (1-4): 1
15. Command p
16. Command w writes the table to disk and exits.
17. mkdosfs -F 32 /dev/sdb1

Now the drive is formatted to FAT32.

Case Project 4-3

In this project we need to make an image of a disk that cannot be removed from a computer running the Linux operating system. For this project I use the same Linux live CD and follow the same steps as in Project 4-2. What I learned is that the dd command is also useful for backups. To back up an entire hard disk to another hard disk connected to the same system, type:
dd if=/dev/sda of=/dev/sdb

Hands-on Project 4-4

In this project I learned how to split data. To split the image into manageable 30 MB pieces, I pipe dd into split:
dd if=/dev/ | split -d -b 30m - file.split
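As an added example, not code from the original post, the following shell script combines the dd | split technique from Project 4-4 with a hash check so the examiner can confirm the chunks still add up to the bytes that were read. Device and file names are assumptions, and a constructed random file stands in for the suspect partition.

```shell
#!/bin/sh
# Added example, not code from the original post: a chunked dd acquisition
# with integrity check. Piping dd through split keeps every output file
# under CHUNK, which matters when the destination is FAT32 (Project 4-3):
# a single FAT32 file cannot exceed 4 GB. Device paths here are assumptions;
# the post's real source was /dev/hda6.
set -e

# acquire_split SOURCE DEST_DIR PREFIX CHUNK
# Bit-stream copy SOURCE into DEST_DIR/PREFIX.00, PREFIX.01, ... of at most
# CHUNK bytes each (e.g. 30m), and record a SHA-256 of the source for later
# verification. dd's record counts go to stderr as usual.
acquire_split() {
    src=$1; dest=$2; prefix=$3; chunk=$4
    mkdir -p "$dest"
    dd if="$src" bs=4096 | split -d -b "$chunk" - "$dest/$prefix."
    sha256sum "$src" | cut -d' ' -f1 > "$dest/$prefix.sha256"
}

# verify_split DEST_DIR PREFIX
# Reassemble the chunks in name order and compare with the recorded hash.
# Returns 0 on a match, 1 if any chunk was altered, truncated or lost.
verify_split() {
    dest=$1; prefix=$2
    expected=$(cat "$dest/$prefix.sha256")
    actual=$(cat "$dest/$prefix".[0-9]* | sha256sum | cut -d' ' -f1)
    [ "$expected" = "$actual" ]
}

# Demo on a constructed 5 MiB file standing in for the suspect partition:
# a 2m chunk size gives three pieces (2 + 2 + 1 MiB).
demo() {
    work=$(mktemp -d)
    dd if=/dev/urandom of="$work/fake_partition" bs=1M count=5 2>/dev/null
    acquire_split "$work/fake_partition" "$work/img" murder 2m 2>/dev/null
    if verify_split "$work/img" murder; then echo "image verified"; fi
    rm -rf "$work"
}
demo
```

The name-order reassembly relies on split's numeric suffixes, so for an image that would need more than 100 chunks increase the chunk size or pass split's -a option for a longer suffix.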
