todo:rewritable_hard_disks_and_flash_media

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision		 Previous revision
todo:removable-flash-media [2021/12/07 23:48] – added pictures, cleaned up steps, lsblk command for finding device labels mictlantecuhtletodo:rewritable_hard_disks_and_flash_media [2026/01/02 23:16] (current) hiccup
Line 1: Line 1:
-====== Removable Flash Media ======+====== Rewritable Hard Disks and Flash Media ======
  
 ===== Introduction ===== ===== Introduction =====
 +{{wst>factory_save}}
  
-There is a risk when plugging USB devices or other writeable storage media into a conventional operating system that the OS will write to the device, meaning a clean dump of the original media cannot subsequently be made. To enable as clean as possible a dump to be preserved - even in the case of used devices it is good to avoid making any further changes.+There is a risk when plugging USB devices or other writeable storage media into a conventional operating system that the OS will write to the device, meaning a clean dump of the original media cannot subsequently be made. To enable as clean as possible a dump to be preserved - even in the case of used devices it is good to avoid making any further changes. Note that the write-protect switches that some SD cards doesn't actually prevent writes - if it works, it just tells the reader to not write to the card - not all readers will comply with this.
  
-This method uses a forensics-oriented Linux distribution which defaults to blocking all devices in read-only mode to ensure as secure as possible an environment for imaging of writeable storage media.+This method uses a forensics-oriented Linux distribution which defaults to blocking all devices in read-only mode to ensure as secure as possible an environment (without using a hardware write blocker) for imaging of writeable storage media. 
 + 
 +{{wst>dumping_important_notes}}
  
 ===== Methods ===== ===== Methods =====
Line 14: Line 17:
  
 ==== Method 1 ==== ==== Method 1 ====
- 
 **Tools required** **Tools required**
   * External USB drive of at least 4GB OR a writeable DVD   * External USB drive of at least 4GB OR a writeable DVD
Line 20: Line 22:
   * [[user:rufus|https://rufus.ie/en/]] (if making a bootable live USB)   * [[user:rufus|https://rufus.ie/en/]] (if making a bootable live USB)
  
 +Basically the process is the same as Method 2, but you *do not* enable the system-wide write access, instead you just connect your PC to the network and copy your dump to another device.
 ==== Method 2 ==== ==== Method 2 ====
  
Line 59: Line 62:
 {{:todo:flashmedia-step9.png?600|}} {{:todo:flashmedia-step9.png?600|}}
 {{:todo:flashmedia-step10.png?600|}} {{:todo:flashmedia-step10.png?600|}}
-  * Open the console and dump the USB using the following command 'sudo dd if=/dev/sdXof=/media/caine/$HARDDRIVE/backup.img bs=4M status=progress'+  * Open the console and dump the USB using the following command 'sudo dd if=/dev/sdX of=/media/caine/$HARDDRIVE/backup.img bs=4M status=progress'
 {{:todo:flashmedia-step11.png?600|}} {{:todo:flashmedia-step11.png?600|}}
 ===== Gathering and Submitting Dump Info ===== ===== Gathering and Submitting Dump Info =====
  
-See [[submission:YYY|Gathering and Submitting Dump Info for YYY]] +See [[submission:general|Gathering and Submitting Dump Info (Basic)]]
  • todo/rewritable_hard_disks_and_flash_media.1638917294.txt.gz
  • Last modified: 2021/12/07 23:48
  • by mictlantecuhtle