Difference between revisions of "Collect data for Digital Forensic"
From Zam Wiki
Latest revision as of 03:06, 1 June 2015
1. Wipe hdd
sudo shred -v -n 0 -z /dev/sdc
2. Check whether the bytes on the hard disk were replaced by 0.
sudo xxd -a /dev/sdc
3. MD5Sum Source (Evidence)
sudo md5sum /dev/sdb
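4. Copy from evidence (/dev/sdb) to hdd (/dev/sdc), then hash the copied sectors on /dev/sdc and compare the result with the MD5 from step 3
sudo dd if=/dev/sdb of=/dev/sdc bs=512
sudo dd if=/dev/sdc bs=512 count=499712 | md5sum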
or create an image from the source
sudo dcfldd if=/dev/sdb hash=md5 of=/media/diskimage.dd bs=512 conv=noerror
Credit to r00tsec blog [1]
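The wipe check, source hash, copy and bounded re-hash from steps 1 to 4, written as a script that runs against file-backed stand-ins so it needs no root and touches no real disk. This is an added example, not taken from the wiki page or the r00tsec blog; the function names, image file names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: plain files stand in for /dev/sdb (evidence) and /dev/sdc (target).

# Succeeds only if every byte of $1 is 0x00 (scriptable form of the xxd -a check).
is_zeroed() {
    [ $(( $(tr -d '\000' < "$1" | wc -c) )) -eq 0 ]
}

# Size of $1 in 512-byte sectors. For a real block device use: blockdev --getsz
sector_count() {
    echo $(( $(wc -c < "$1") / 512 ))
}

# MD5 of the first $2 sectors of $1 (same shape as: dd ... count=N | md5sum).
hash_sectors() {
    dd if="$1" bs=512 count="$2" 2>/dev/null | md5sum | cut -d' ' -f1
}

# Copy $1 onto the pre-wiped $2, then compare hashes over the source's length only.
# Prints the source MD5; exit status 0 means the copied region matches.
verified_copy() {
    src=$1 dst=$2
    is_zeroed "$dst" || { echo "target not wiped" >&2; return 2; }
    n=$(sector_count "$src")
    src_md5=$(hash_sectors "$src" "$n")
    # conv=notrunc keeps the target file at its full size, like a real disk.
    dd if="$src" of="$dst" bs=512 conv=notrunc 2>/dev/null || return 3
    dst_md5=$(hash_sectors "$dst" "$n")
    echo "$src_md5"
    [ "$src_md5" = "$dst_md5" ]
}

# Constructed sample: 100-sector "evidence", 200-sector zeroed "target".
demo() {
    work=$(mktemp -d) || return 1
    head -c 51200 /dev/urandom > "$work/evidence.img"
    dd if=/dev/zero of="$work/target.img" bs=512 count=200 2>/dev/null
    verified_copy "$work/evidence.img" "$work/target.img"; rc=$?
    # Hashing the whole, larger target gives a different value, hence count=.
    echo "whole-target md5: $(md5sum < "$work/target.img" | cut -d' ' -f1)"
    rm -rf "$work"
    return $rc
}
demo
```

The second line printed by `demo` differs from the first because the target is larger than the evidence, which is why the hash of the destination has to be limited with `count=`.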