-
June 25th, 2007, 07:11 AM
#1
Forensic Disk Copying.
Greetings..
I need software to copy a disk for forensic examination. I will be carrying a USB 2.0 external hard disk and I'll need to copy either the entire disk or certain parts of it, but for forensic examination.. Hence I'll need some kind of software that will preserve the dates of the files.
Please help on ASAP basis since my investigation is already on... I would also like it if there is a software which lets me do this over the network...
THANKS A LOT IN ADVANCE...
Parth Maniar,
CISSP, CISM, CISA, SSCP
*Thank you GOD*
Greater the Difficulty, SWEETER the Victory.
Believe in yourself.
-
June 25th, 2007, 02:29 PM
#2
You might try FCCU. It's a live cd and widely used in Europe for forensics.
I've seen a paper or two on using Ghost for creating an "as-is" image for
forensics. Forensics is a complicated subject, and others here will know
better than I what will work. Encase seems to be the standard for computer
forensics in the U.S.
FCCU link: http://www.lnx4n6.be/
“Everybody is ignorant, only on different subjects.” — Will Rogers
-
June 25th, 2007, 02:43 PM
#3
I THINK if it is from an NTFS filesystem all the timestamps will remain. Other things - the only way to do it would be a complete ghost.
-
June 25th, 2007, 03:09 PM
#4
Boot from a Linux live CD and use the dd command to create the disk image. Something like dd if=/dev/hda of=myimage bs=512.
Oliver's Law:
Experience is something you don't get until just after you need it.
-
June 25th, 2007, 05:04 PM
#5
-
June 26th, 2007, 03:24 PM
#6
Originally Posted by SirDice
Boot from a Linux live CD and use the dd command to create the disk image. Something like dd if=/dev/hda of=myimage bs=512.
Well, the advice is nice. Well, how would one open up the image created by the 'dd' command? What software can be used for the purpose?
Last edited by jockey0109; October 14th, 2007 at 07:54 AM.
"Everything should be made as simple as possible, but not simpler."
- Albert Einstein
-
June 26th, 2007, 03:54 PM
#7
On Linux you can use e.g. mount -o loop -t ntfs myimage /mnt/
Oliver's Law:
Experience is something you don't get until just after you need it.
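
An added example, not part of any post in this thread: the dd imaging step from post #4 wrapped with a hash check, so the copy can be shown to match the source at acquisition and again before examination. The function names, the layout of the .sha256 file and the constructed demo file are assumptions; it relies on GNU coreutils (dd, sha256sum).

```shell
#!/bin/sh
# Added example: image a source with dd and prove the copy is bit-identical.
# On a real job SRC is a device such as /dev/hda; any readable file works here.

# acquire_image SRC IMG (hypothetical helper)
# Copies SRC to IMG, records SHA-256 of both in IMG.sha256, write-protects
# the image, and returns 0 only if the two hashes are equal.
acquire_image() {
    src=$1; img=$2
    dd if="$src" of="$img" bs=512 2>"$img.dd.log" || return 2
    src_hash=$(sha256sum "$src" | cut -d' ' -f1)
    img_hash=$(sha256sum "$img" | cut -d' ' -f1)
    # Line 1 = source hash, line 2 = image hash; keep this file with the case notes.
    printf '%s  %s\n%s  %s\n' "$src_hash" "$src" "$img_hash" "$img" >"$img.sha256"
    chmod a-w "$img"
    [ "$src_hash" = "$img_hash" ]
}

# verify_image IMG (hypothetical helper)
# Re-hashes IMG and compares with the value recorded at acquisition time.
# Run it before and after every examination session.
verify_image() {
    img=$1
    recorded=$(sed -n '2p' "$img.sha256" | cut -d' ' -f1)
    current=$(sha256sum "$img" | cut -d' ' -f1)
    [ "$recorded" = "$current" ]
}

# To look inside the image, mount it read-only so the examination itself
# cannot alter it (needs root, so it is not run here):
#   mount -o ro,loop -t ntfs myimage /mnt/

# Demo on a constructed 32 KiB stand-in for a disk (not real evidence).
demo=$(mktemp -d)
dd if=/dev/zero of="$demo/source.bin" bs=512 count=64 2>/dev/null
acquire_image "$demo/source.bin" "$demo/myimage" && echo "acquired, hashes match"
verify_image "$demo/myimage" && echo "image still matches recorded hash"
rm -rf "$demo"
```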
-
June 26th, 2007, 06:44 PM
#8
and if the forensics is for any kind of criminal activity
keep full documentation too
use only licensed software
and have a witness at all times
if it is just for educational purposes
scratch the above
so now I'm in my SIXTIES FFS
WTAF, how did that happen, so no more alterations to the sig, it will remain as is now
Beware of Geeks bearing GIF's
come and waste the day :P at The Taz Zone
-
June 28th, 2007, 03:44 PM
#9
Check out this link:
http://www.lnx4n6.be/index.php?sec=D...&page=netcatdd
Alter your source drive from HDD to DVD.
-
June 28th, 2007, 05:13 PM
#10