Differences

This shows you the differences between two versions of the page.

--- todo:rewritable_hard_disks_and_flash_media [2021/11/23 19:52]
hiccup
+++ todo:rewritable_hard_disks_and_flash_media [2022/05/20 13:25]
hiccup minor edit to update cache
@@ Line 2: / Line 2: @@
 ===== Introduction =====
+{{wst>factory_save}}
 There is a risk when plugging USB devices or other writeable storage media into a conventional operating system that the OS will write to the device, meaning a clean dump of the original media cannot subsequently be made. To enable as clean as possible a dump to be preserved - even in the case of used devices it is good to avoid making any further changes.
@@ Line 14: / Line 15: @@
 ==== Method 1 ====
+[todo: elaborate]
 **Tools required**
@@ Line 20: / Line 22: @@
   * [[user:rufus|https://rufus.ie/en/]] (if making a bootable live USB)
+Basically the process is the same as Method 2, but you *do not* enable the system-wide write access, instead you just connect your PC to the network and copy your dump to another device.
 ==== Method 2 ====
@@ Line 29: / Line 32: @@
 **Process**
-Do not connect the external storage media that you wish to dump until instructed to do so.
+  * Do not connect the external storage media that you wish to dump until instructed to do so.
+  * Download CAINE from the link above
+  * Either burn the ISO to a DVD or create a bootable live USB using Rufus. Insert the burned disc or USB into your system and reboot into CAINE
+  * Check that the system-level mount policy is set to read-only (disk icon in the taskbar should be green). If this is red, right click it and change to read-only.
-  - Download CAINE from the link above
+{{:todo:flashmedia-step1.png?600|}}
-  - Either burn the ISO to a DVD or create a bootable live USB using Rufus. Insert the burned disc or USB into your system and reboot into CAINE
+  * Run UnBlock - this should show you a list of devices that are currently attached to the system.
-  - Check that the system-level mount policy is set to read-only (disk icon in the taskbar should be green). If this is red, right click it and change to read-only.
-  - Run UnBlock - this should show you a list of devices that are currently attached to the system.
-  - At this stage, connect the media you wish to dump and hit refresh in UnBlock. This should show up in UnBlock now with a policy of read-write. Change this to read-only (tick the checkbox next to it in the listing and then hit OK)
-  - From the list of devices, find and make a note of the device name related to the media you wish to dump (for the rest of this guide we'll call this //sdX//)
-  - Open "caine's Home" and, from the list of devices at the left, find either an internal or external hard-drive to which you want to save the image. The device labels should be the same as you can see in your normal OS (e.g. Windows, Storage, Elements etc.) (for the rest of this guide we'll call this //$HARDDRIVE//)
-  - Go back to unblock and find this hard-drive in the list of devices - hopefully it should be obvious from the relative sizes, otherwise you can find device labels by ([method TBC])
-  - Click the checkbox next to the hard-drive and hit OK - this should now show as Read-Write in UnBlock
-  - Change the system policy to allow mounting devices in writable mode by right clicking the green disk icon in the task bar and selecting "make writable"
-  - Open "caine's Home" again and find your hard-drive at the left - click to mount this. It will mount at /media/caine/$HARDDRIVE.
-  - Open the console and dump the USB using the following command 'sudo dd if=dev/sdX/ of=/media/$HARDDRIVE/backup.img bs=4M'
-===== Gathering and Submitting Dump Info =====
+{{:todo:flashmedia-step2.png?600|}}
+  * At this stage, connect the media you wish to dump and hit refresh in UnBlock. This should show up in UnBlock now with a device-level policy of writable.
+{{:todo:flashmedia-step3.png?600|}}
+  * Change this to read-only by ticking the checkbox next to it in the listing and then hit OK)
+  * From the list of devices, find and make a note of the device name related to the media you wish to dump (for the rest of this guide we'll call this //sdX//)
+{{:todo:flashmedia-step4.png?600|}}
+  * Open "caine's Home" and, from the list of devices at the left, find either an internal or external hard-drive to which you want to save the image. The device labels should be the same as you can see in your normal OS (e.g. Windows, Storage, Elements etc.) (for the rest of this guide we'll call this //$HARDDRIVE//)
-See [[submission:YYY|Gathering and Submitting Dump Info for YYY]]
+{{:todo:flashmedia-step5.png?600|}}
+  * Go back to unblock and find this hard-drive in the list of devices - hopefully it should be obvious from the relative sizes, otherwise you can find device labels by using the command 'lsblk -o name,label' from the command line)
+{{:todo:flashmedia-step6.png?600|}}
+{{:todo:flashmedia-step6a.png?600|}}
+  * Click the checkbox next to the hard-drive and hit OK - this should now show as writable in UnBlock
+{{:todo:flashmedia-step7.png?600|}}
+  * Change the system policy to allow mounting devices in writable mode by right clicking the green disk icon in the task bar and selecting "make writable"
+{{:todo:flashmedia-step8.png?600|}}
+  * Open "caine's Home" again and find your hard-drive at the left - click to mount this. It will mount at /media/caine/$HARDDRIVE.
+{{:todo:flashmedia-step9.png?600|}}
+{{:todo:flashmedia-step10.png?600|}}
+  * Open the console and dump the USB using the following command 'sudo dd if=/dev/sdX/ of=/media/caine/$HARDDRIVE/backup.img bs=4M status=progress'
+{{:todo:flashmedia-step11.png?600|}}
+===== Gathering and Submitting Dump Info =====
+See [[submission:general|Gathering and Submitting Dump Info (Basic)]]