Forensic Disk Copying.
Results 1 to 10 of 10

Thread: Forensic Disk Copying.

  1. #1
    StOrM™
    Join Date
    Aug 2004
    Posts
    1,003

    Exclamation Forensic Disk Copying.

    Greetings'..

    I need software to copy a disk for forensic examination. I will be carrying an USB 2.0 external Hard-disk and Ill need to copy either the entire disk or certain parts of it but for forensic examination.. Hence I'll need some kind of software that will preserve the dates of the file.

    Please help on ASAP basis since my investigation is already on... I would also like it if there is a software which lets me do this over the network...



    THANKS A LOT IN ADVANCE...
    Parth Maniar,
    CISSP, CISM, CISA, SSCP

    *Thank you GOD*

    Greater the Difficulty, SWEETER the Victory.

    Believe in yourself.

  2. #2
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,242
    You might try FCCU. It's a live cd and widely used in Europe for forensics.
    I've seen a paper or two on using Ghost for creating an "as-is" image for
    forensics. Forensics is a complicated subject, and others here will know
    better than I what will work. Encase seems to be the standard for computer
    forensics in the U.S.

    FCCU link: http://www.lnx4n6.be/
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  3. #3
    Senior Member
    Join Date
    Oct 2003
    Location
    MA
    Posts
    1,053
    I THINK if it is from an NTFS filesystem all the timestamps will remain. Other things - the only way to do it would be a complete ghost.

  4. #4
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403
    Boot from a linux live CD and use the dd command to create the diskimage. Something like dd if=/dev/hda of=myimage bs=512.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  5. #5
    Senior Member
    Join Date
    Oct 2003
    Location
    MA
    Posts
    1,053
    ^^ what dice said.

  6. #6
    Senior Member
    Join Date
    Aug 2006
    Location
    India
    Posts
    289
    Quote Originally Posted by SirDice
    Boot from a linux live CD and use the dd command to create the diskimage. Something like dd if=/dev/hda of=myimage bs=512.
    Well, the advice is nice. Well, how would one open up the image created by the 'dd' command? What software can be used for the purpose?
    Last edited by jockey0109; October 14th, 2007 at 07:54 AM.
    "Everything should be made as simple as possible, but not simpler."

    - Albert Einstein

  7. #7
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403
    On linux you can use i.e. mount -o loop -t ntfs myimage /mnt/
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  8. #8
    They call me the Hunted foxyloxley's Avatar
    Join Date
    Nov 2003
    Location
    3rd Rock from Sun
    Posts
    2,528
    and if the forensics is for any kind of criminal activity
    keep full documentation too
    use only licensed software
    and have a witness at all times

    if it is just for educational purposes
    scratch th eabove
    55 - I'm fiftyfeckinfive and STILL no wiser,
    OLDER yes
    Beware of Geeks bearing GIF's
    come and waste the day :P at The Taz Zone

  9. #9
    Senior Member WolfeTone's Avatar
    Join Date
    Jun 2007
    Location
    Ireland
    Posts
    197
    Check out this link:
    http://www.lnx4n6.be/index.php?sec=D...&page=netcatdd

    Alter your source drive from HDD to DVD.

  10. #10
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,178
    Hi Byte~ here are a couple of tutorials that might help:

    http://antionline.com/showthread.php?t=264701

    http://antionline.com/showthread.php?t=253552

    Cheers,

    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

Similar Threads

  1. Windows Error Messages
    By cheyenne1212 in forum Miscellaneous Security Discussions
    Replies: 7
    Last Post: February 1st, 2012, 01:51 PM
  2. Windows 98 Tips
    By Nokia in forum Tips and Tricks
    Replies: 5
    Last Post: June 22nd, 2004, 12:21 AM
  3. The history of the Mac line of Operating systems
    By gore in forum Operating Systems
    Replies: 3
    Last Post: March 7th, 2004, 07:02 AM
  4. Win Emergency boot disks
    By xmaddness in forum Other Tutorials Forum
    Replies: 9
    Last Post: May 29th, 2002, 02:31 PM
  5. Surviving a Disk Crash--a Checklist
    By E5C4P3 in forum The Security Tutorials Forum
    Replies: 2
    Last Post: April 2nd, 2002, 04:33 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides