todo:rewritable_hard_disks_and_flash_media

Differences

This shows you the differences between two versions of the page.

todo:rewritable_hard_disks_and_flash_media [2021/12/05 09:35]
mictlantecuhtle
todo:rewritable_hard_disks_and_flash_media [2022/01/10 13:36]
hiccup [Method 1]
Line 14: Line 14:
  
 ==== Method 1 ==== ==== Method 1 ====
 +[todo: elaborate]
  
 **Tools required** **Tools required**
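Review bot: the `[todo: elaborate]` line added under `==== Method 1 ====` is a bare placeholder that will show up as body text and does not say what is missing. State what still needs writing (only **Tools required** follows the heading here, so presumably the process steps) so the next editor knows what to fill in.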
Line 20: Line 21:
   * [[user:rufus|https://rufus.ie/en/]] (if making a bootable live USB)   * [[user:rufus|https://rufus.ie/en/]] (if making a bootable live USB)
  
 +Basically the process is the same as Method 2, but you *do not* enable the system-wide write access, instead you just connect your PC to the network and copy your dump to another device.
 ==== Method 2 ==== ==== Method 2 ====
  
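Review bot: the added Method 1 sentence does not say where the dump is written while system-wide write access stays disabled, or how it is copied over the network; name the destination and the command so the method can be followed without guessing. The same line defers to Method 2 before that section appears, uses `*do not*` where the page's own emphasis markup is `**…**` or `//…//`, and runs straight into `==== Method 2 ====` with no blank line between them.
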
Line 29: Line 31:
 **Process** **Process**
  
-Do not connect the external storage media that you wish to dump until instructed to do so.+  * Do not connect the external storage media that you wish to dump until instructed to do so
 +  * Download CAINE from the link above 
 +  * Either burn the ISO to a DVD or create a bootable live USB using Rufus. Insert the burned disc or USB into your system and reboot into CAINE 
 +  * Check that the system-level mount policy is set to read-only (disk icon in the taskbar should be green). If this is red, right click it and change to read-only.
  
-  Download CAINE from the link above +{{:todo:flashmedia-step1.png?600|}} 
-  - Either burn the ISO to a DVD or create a bootable live USB using RufusInsert the burned disc or USB into your system and reboot into CAINE +  Run UnBlock - this should show you a list of devices that are currently attached to the system.
-  - Check that the system-level mount policy is set to read-only (disk icon in the taskbar should be green). If this is red, right click it and change to read-only. +
-  - Run UnBlock - this should show you a list of devices that are currently attached to the system. +
-  - At this stage, connect the media you wish to dump and hit refresh in UnBlock. This should show up in UnBlock now with a policy of read-write. Change this to read-only (tick the checkbox next to it in the listing and then hit OK) +
-  - From the list of devices, find and make a note of the device name related to the media you wish to dump (for the rest of this guide we'll call this //sdX//) +
-  - Open "caine's Home" and, from the list of devices at the left, find either an internal or external hard-drive to which you want to save the image. The device labels should be the same as you can see in your normal OS (e.g. Windows, Storage, Elements etc.) (for the rest of this guide we'll call this //$HARDDRIVE//+
-  - Go back to unblock and find this hard-drive in the list of devices - hopefully it should be obvious from the relative sizes, otherwise you can find device labels by ([method TBC]) +
-  - Click the checkbox next to the hard-drive and hit OK - this should now show as Read-Write in UnBlock +
-  - Change the system policy to allow mounting devices in writable mode by right clicking the green disk icon in the task bar and selecting "make writable" +
-  - Open "caine's Home" again and find your hard-drive at the left - click to mount this. It will mount at /media/caine/$HARDDRIVE. +
-  - Open the console and dump the USB using the following command 'sudo dd if=dev/sdX/ of=/media/caine/$HARDDRIVE/backup.img bs=4M'+
  
 +{{:todo:flashmedia-step2.png?600|}}
 +  * At this stage, connect the media you wish to dump and hit refresh in UnBlock. This should show up in UnBlock now with a device-level policy of writable. 
 +{{:todo:flashmedia-step3.png?600|}}
 +  * Change this to read-only by ticking the checkbox next to it in the listing and then hit OK)
 +  * From the list of devices, find and make a note of the device name related to the media you wish to dump (for the rest of this guide we'll call this //sdX//)
 +{{:todo:flashmedia-step4.png?600|}}
 +  * Open "caine's Home" and, from the list of devices at the left, find either an internal or external hard-drive to which you want to save the image. The device labels should be the same as you can see in your normal OS (e.g. Windows, Storage, Elements etc.) (for the rest of this guide we'll call this //$HARDDRIVE//)
 +
 +{{:todo:flashmedia-step5.png?600|}}
 +  * Go back to unblock and find this hard-drive in the list of devices - hopefully it should be obvious from the relative sizes, otherwise you can find device labels by using the command 'lsblk -o name,label' from the command line)
 +{{:todo:flashmedia-step6.png?600|}}
 +{{:todo:flashmedia-step6a.png?600|}}
 +  * Click the checkbox next to the hard-drive and hit OK - this should now show as writable in UnBlock
 +
 +{{:todo:flashmedia-step7.png?600|}}
 +  * Change the system policy to allow mounting devices in writable mode by right clicking the green disk icon in the task bar and selecting "make writable"
 +
 +{{:todo:flashmedia-step8.png?600|}}
 +  * Open "caine's Home" again and find your hard-drive at the left - click to mount this. It will mount at /media/caine/$HARDDRIVE.
 +
 +{{:todo:flashmedia-step9.png?600|}}
 +{{:todo:flashmedia-step10.png?600|}}
 +  * Open the console and dump the USB using the following command 'sudo dd if=/dev/sdX/ of=/media/caine/$HARDDRIVE/backup.img bs=4M status=progress'
 +{{:todo:flashmedia-step11.png?600|}}
 ===== Gathering and Submitting Dump Info ===== ===== Gathering and Submitting Dump Info =====
  
 See [[submission:YYY|Gathering and Submitting Dump Info for YYY]] See [[submission:YYY|Gathering and Submitting Dump Info for YYY]]
  
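Review bot: the dd command in the last added step still reads `if=/dev/sdX/`. The change supplies the missing leading slash but keeps the trailing one, and a device node opened with a trailing slash is rejected as not being a directory, so it should be `if=/dev/sdX`. Elsewhere in this hunk, the steps ending "hit OK)" and "from the command line)" carry unmatched closing parentheses, and switching the ordered `-` items to `*` bullets drops the step numbers from a procedure whose first step tells the reader to wait "until instructed to do so"; numbering the steps in the text would keep the sequence explicit. The process also ends at dd with no step for checking backup.img against the source media, which is worth adding.
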
  • todo/rewritable_hard_disks_and_flash_media.txt
  • Last modified: 2022/07/27 14:13
  • by hiccup