todo:rewritable_hard_disks_and_flash_media

Differences

This shows you the differences between two versions of the page.

todo:rewritable_hard_disks_and_flash_media [2021/12/07 22:48]
mictlantecuhtle added pictures, cleaned up steps, lsblk command for finding device labels
todo:rewritable_hard_disks_and_flash_media [2022/07/27 14:13]
hiccup
Line 1: Line 1:
-====== Removable Flash Media ======+====== Rewritable Hard Disks and Flash Media ======
  
 ===== Introduction ===== ===== Introduction =====
 +{{wst>factory_save}}
  
 There is a risk when plugging USB devices or other writeable storage media into a conventional operating system that the OS will write to the device, meaning a clean dump of the original media cannot subsequently be made. To enable as clean as possible a dump to be preserved - even in the case of used devices it is good to avoid making any further changes. There is a risk when plugging USB devices or other writeable storage media into a conventional operating system that the OS will write to the device, meaning a clean dump of the original media cannot subsequently be made. To enable as clean as possible a dump to be preserved - even in the case of used devices it is good to avoid making any further changes.
  
-This method uses a forensics-oriented Linux distribution which defaults to blocking all devices in read-only mode to ensure as secure as possible an environment for imaging of writeable storage media.+This method uses a forensics-oriented Linux distribution which defaults to blocking all devices in read-only mode to ensure as secure as possible an environment (without using a hardware write blocker) for imaging of writeable storage media.
  
 ===== Methods ===== ===== Methods =====
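Review bot: the parenthetical added to the "This method uses a forensics-oriented Linux distribution" sentence, "(without using a hardware write blocker)", leaves the reader to infer that the read-only default is a software control enforced by the booted OS. Say that explicitly, and state whether a hardware write blocker should still be used when one is available. The new title covers hard disks, but the first introduction sentence still opens with "USB devices"; consider "hard disks, USB devices or other writeable storage media" so the text matches the heading.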
Line 14: Line 15:
  
 ==== Method 1 ==== ==== Method 1 ====
 +[todo: elaborate]
  
 **Tools required** **Tools required**
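Review bot: the "[todo: elaborate]" placeholder added directly under the "==== Method 1 ====" heading does not say what is still missing. Name the open items (for example, the step list for Method 1) so a later editor knows when the marker can be removed.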
Line 20: Line 22:
   * [[user:rufus|https://rufus.ie/en/]] (if making a bootable live USB)   * [[user:rufus|https://rufus.ie/en/]] (if making a bootable live USB)
  
 +Basically the process is the same as Method 2, but you *do not* enable the system-wide write access, instead you just connect your PC to the network and copy your dump to another device.
 ==== Method 2 ==== ==== Method 2 ====
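Review bot: in the added "Basically the process is the same as Method 2" paragraph, the emphasis is written as "*do not*", which is not the bold markup this page uses elsewhere ("**Tools required**"), so it should be "**do not**". The paragraph is also placed immediately above the "==== Method 2 ====" heading with no blank line, and it refers the reader forward to steps that have not been introduced yet. Add the blank line, and either list the shared steps here or move Method 1 after Method 2. Since this variant copies the dump to another device over the network, it would help to say how the copy is checked against the original, for example by comparing a checksum of the image on both ends.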
  
Line 59: Line 62:
 {{:todo:flashmedia-step9.png?600|}} {{:todo:flashmedia-step9.png?600|}}
 {{:todo:flashmedia-step10.png?600|}} {{:todo:flashmedia-step10.png?600|}}
-  * Open the console and dump the USB using the following command 'sudo dd if=/dev/sdXof=/media/caine/$HARDDRIVE/backup.img bs=4M status=progress'+  * Open the console and dump the USB using the following command 'sudo dd if=/dev/sdX of=/media/caine/$HARDDRIVE/backup.img bs=4M status=progress'
 {{:todo:flashmedia-step11.png?600|}} {{:todo:flashmedia-step11.png?600|}}
 ===== Gathering and Submitting Dump Info ===== ===== Gathering and Submitting Dump Info =====
  
-See [[submission:YYY|Gathering and Submitting Dump Info for YYY]] +See [[submission:general|Gathering and Submitting Dump Info (Basic)]]
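Review bot: in the corrected dd line, "$HARDDRIVE" is written like a shell variable inside a command the reader is told to run. Pasted as-is with the variable unset, it expands to nothing and the image is written to /media/caine/backup.img rather than to the mounted destination drive. Use an explicit placeholder such as "<HARDDRIVE>", and say next to the command that both it and "sdX" must be replaced with the labels found in the earlier steps. The command is also quoted with plain apostrophes rather than the wiki's code markup, which makes it easy to copy the quotes along with it. Finally, the step ends at dd with no integrity check; suggest a follow-up step that hashes /dev/sdX and backup.img (for example with sha256sum) and confirms the two values match before the device is unplugged.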
  • todo/rewritable_hard_disks_and_flash_media.txt
  • Last modified: 2022/07/27 14:13
  • by hiccup