todo:rewritable_hard_disks_and_flash_media

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
Last revision Both sides next revision
todo:rewritable_hard_disks_and_flash_media [2021/12/07 22:48]
mictlantecuhtle added pictures, cleaned up steps, lsblk command for finding device labels 		todo:rewritable_hard_disks_and_flash_media [2022/07/27 14:13]
hiccup ↷ Page name changed from todo:removable-flash-media to todo:rewritable_hard_disks_and_flash_media
Line 2: Line 2:
  
 ===== Introduction ===== ===== Introduction =====
 +{{wst>factory_save}}
  
 There is a risk when plugging USB devices or other writeable storage media into a conventional operating system that the OS will write to the device, meaning a clean dump of the original media cannot subsequently be made. To enable as clean as possible a dump to be preserved - even in the case of used devices it is good to avoid making any further changes. There is a risk when plugging USB devices or other writeable storage media into a conventional operating system that the OS will write to the device, meaning a clean dump of the original media cannot subsequently be made. To enable as clean as possible a dump to be preserved - even in the case of used devices it is good to avoid making any further changes.
  
-This method uses a forensics-oriented Linux distribution which defaults to blocking all devices in read-only mode to ensure as secure as possible an environment for imaging of writeable storage media.+This method uses a forensics-oriented Linux distribution which defaults to blocking all devices in read-only mode to ensure as secure as possible an environment (without using a hardware write blocker) for imaging of writeable storage media.
  
 ===== Methods ===== ===== Methods =====
Line 14: Line 15:
  
 ==== Method 1 ==== ==== Method 1 ====
 +[todo: elaborate]
  
 **Tools required** **Tools required**
Line 20: Line 22:
   * [[user:rufus|https://rufus.ie/en/]] (if making a bootable live USB)   * [[user:rufus|https://rufus.ie/en/]] (if making a bootable live USB)
  
 +Basically the process is the same as Method 2, but you *do not* enable the system-wide write access, instead you just connect your PC to the network and copy your dump to another device.
 ==== Method 2 ==== ==== Method 2 ====
  
Line 59: Line 62:
 {{:todo:flashmedia-step9.png?600|}} {{:todo:flashmedia-step9.png?600|}}
 {{:todo:flashmedia-step10.png?600|}} {{:todo:flashmedia-step10.png?600|}}
-  * Open the console and dump the USB using the following command 'sudo dd if=/dev/sdXof=/media/caine/$HARDDRIVE/backup.img bs=4M status=progress'+  * Open the console and dump the USB using the following command 'sudo dd if=/dev/sdX of=/media/caine/$HARDDRIVE/backup.img bs=4M status=progress'
 {{:todo:flashmedia-step11.png?600|}} {{:todo:flashmedia-step11.png?600|}}
 ===== Gathering and Submitting Dump Info ===== ===== Gathering and Submitting Dump Info =====
  
-See [[submission:YYY|Gathering and Submitting Dump Info for YYY]] +See [[submission:general|Gathering and Submitting Dump Info (Basic)]]
  • todo/rewritable_hard_disks_and_flash_media.txt
  • Last modified: 2022/07/27 14:13
  • by hiccup