Collect data for Digital Forensic

From Zam Wiki
Revision as of 03:06, 1 June 2015 by Zam

1. Wipe the destination HDD (/dev/sdc) by overwriting it with zeros

sudo shred -v -n 0 -z /dev/sdc


2. Check whether every byte on the hard disk was replaced by 0. With -a, xxd collapses repeated all-zero lines into a single *.

sudo xxd -a /dev/sdc


3. Compute the MD5 sum of the source (evidence)

sudo md5sum /dev/sdb


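4. Copy from evidence (/dev/sdb) to HDD (/dev/sdc)

The command below reads /dev/sdc back and hashes its first 499712 sectors of 512 bytes, so the result can be compared with the MD5 sum from step 3.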

sudo dd if=/dev/sdc bs=512 count=499712 | md5sum


Or create an image from the source:

dcfldd if=/dev/sdb hash=md5 of=/media/diskimage.dd bs=512 conv=noerror
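The steps above rehearsed on regular files, as an added example that is not from the original page or the r00tsec blog. The two image files stand in for /dev/sdb and /dev/sdc and are constructed sample data, the function names are hypothetical, and `dd if=/dev/zero` stands in for `shred -n 0 -z`; the target is made larger than the evidence, so the read-back hash is limited with `count=` as in step 4.

```shell
# Added example: wipe / verify / hash / copy / verify on constructed files.
set -eu
BS=512

# Step 2 check: succeed only if every byte of FILE ($1) is 0x00.
is_zeroed() {
    [ "$(tr -d '\000' < "$1" | wc -c)" -eq 0 ]
}

# Step 4 read-back: MD5 of the first COUNT ($2) sectors of FILE ($1).
md5_of_sectors() {
    dd if="$1" bs="$BS" count="$2" 2>/dev/null | md5sum | cut -d' ' -f1
}

# Copy SRC ($1) onto DST ($2), then compare the source hash (step 3)
# with the hash of the same number of sectors read back from DST.
acquire() {
    sectors=$(( $(wc -c < "$1") / BS ))
    src_md5=$(md5sum < "$1" | cut -d' ' -f1)
    # conv=notrunc keeps DST at its full size, as a real block device would.
    dd if="$1" of="$2" bs="$BS" conv=notrunc 2>/dev/null
    dst_md5=$(md5_of_sectors "$2" "$sectors")
    if [ "$src_md5" = "$dst_md5" ]; then echo MATCH; else echo MISMATCH; fi
}

# Build a 64-sector "evidence" file and a dirty 96-sector "target",
# wipe the target, confirm the wipe, then acquire and verify.
rehearse() {
    dir=$(mktemp -d)
    head -c $((BS * 64)) /dev/urandom > "$dir/evidence.img"
    head -c $((BS * 96)) /dev/urandom > "$dir/target.img"
    dd if=/dev/zero of="$dir/target.img" bs="$BS" count=96 conv=notrunc 2>/dev/null
    if ! is_zeroed "$dir/target.img"; then
        rm -rf "$dir"; echo WIPE-FAILED; return 1
    fi
    acquire "$dir/evidence.img" "$dir/target.img"
    rm -rf "$dir"
}

rehearse
```

Hashing the whole target instead of the first `sectors` sectors would include the zeroed tail and would not equal the evidence hash.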


Credit to r00tsec blog [1]