Collect Data for Digital Forensics

From Zam Wiki

1. Wipe the destination HDD (/dev/sdc) by overwriting it with zeros

sudo shred -v -n 0 -z /dev/sdc


2. Check that every byte on the hard disk was replaced by 0 (with -a, xxd collapses repeated all-zero lines into a single "*")

sudo xxd -a /dev/sdc


3. Compute the MD5 sum of the source (evidence)

sudo md5sum /dev/sdb


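4. Copy from the evidence (/dev/sdb) to the HDD (/dev/sdc), then hash the copied sectors on /dev/sdc and compare the result with step 3. count limits the read to the first 499712 sectors, which should equal the size of the evidence.

sudo dd if=/dev/sdb of=/dev/sdc bs=512
sudo dd if=/dev/sdc bs=512 count=499712 | md5sum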


Or create an image from the source:

dcfldd if=/dev/sdb hash=md5 of=/media/diskimage.dd bs=512 conv=noerror,sync
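
The four steps above as one script, run against file-backed stand-ins instead of /dev/sdb and /dev/sdc. This is an added example, not from the original page; the function names (byte_size, zero_from, copy_matches, acquire) and the .img files are constructed for illustration.

```shell
#!/bin/sh
# Added example: file-backed stand-ins replace /dev/sdb and /dev/sdc.

# Size in bytes of a block device or a regular file.
byte_size() {
    if [ -b "$1" ]; then blockdev --getsize64 "$1"; else wc -c < "$1"; fi
}

# zero_from PATH [SKIP]: succeed only if every byte from 512-byte sector
# SKIP (default 0) to the end of PATH is 0x00 (steps 1 and 2).
zero_from() {
    left=$(dd if="$1" bs=512 skip="${2:-0}" 2>/dev/null | tr -d '\000' | wc -c)
    [ "$left" -eq 0 ]
}

# copy_matches SRC DST: hash SRC, hash the same number of sectors read
# back from DST, and compare the two digests (steps 3 and 4).
copy_matches() {
    bytes=$(byte_size "$1")
    [ $((bytes % 512)) -eq 0 ] || return 2   # expect whole sectors
    src_md5=$(md5sum < "$1" | cut -d' ' -f1)
    dst_md5=$(dd if="$2" bs=512 count=$((bytes / 512)) 2>/dev/null | md5sum | cut -d' ' -f1)
    [ "$src_md5" = "$dst_md5" ]
}

# acquire SRC DST: refuse a target that is not wiped, copy, verify the
# copy, then confirm the unused tail of DST is still zero.
acquire() {
    zero_from "$2" || { echo "target not wiped" >&2; return 1; }
    # conv=notrunc keeps a file-backed target at its full size.
    dd if="$1" of="$2" bs=512 conv=notrunc 2>/dev/null || return 1
    copy_matches "$1" "$2" || { echo "hash mismatch" >&2; return 1; }
    zero_from "$2" $(( $(byte_size "$1") / 512 ))
}

# Demo on constructed data: 8-sector "evidence", 16-sector zeroed "target".
work=$(mktemp -d)
dd if=/dev/zero bs=512 count=8 2>/dev/null | tr '\000' 'E' > "$work/evidence.img"
dd if=/dev/zero of="$work/target.img" bs=512 count=16 2>/dev/null
acquire "$work/evidence.img" "$work/target.img" && echo "acquisition verified"
rm -rf "$work"
```

Hashing only the source's sector count matters when the target is larger than the evidence: a whole-device hash of the target would never match the source hash.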


Credit to r00tsec blog [1]