Differences

This shows you the differences between two versions of the page.

--- todo:rewritable_hard_disks_and_flash_media [2022/03/31 03:04]
hiccup [Gathering and Submitting Dump Info]
+++ todo:rewritable_hard_disks_and_flash_media [2022/07/27 14:13] (current)
hiccup
@@ Line 1: / Line 1: @@
-====== Removable Flash Media ======
+====== Rewritable Hard Disks and Flash Media ======
 ===== Introduction =====
+{{wst>factory_save}}
 There is a risk when plugging USB devices or other writeable storage media into a conventional operating system that the OS will write to the device, meaning a clean dump of the original media cannot subsequently be made. To enable as clean as possible a dump to be preserved - even in the case of used devices it is good to avoid making any further changes.
-This method uses a forensics-oriented Linux distribution which defaults to blocking all devices in read-only mode to ensure as secure as possible an environment for imaging of writeable storage media.
+This method uses a forensics-oriented Linux distribution which defaults to blocking all devices in read-only mode to ensure as secure as possible an environment (without using a hardware write blocker) for imaging of writeable storage media.
 ===== Methods =====
@@ Line 61: / Line 62: @@
 {{:todo:flashmedia-step9.png?600|}}
 {{:todo:flashmedia-step10.png?600|}}
-  * Open the console and dump the USB using the following command 'sudo dd if=/dev/sdX/ of=/media/caine/$HARDDRIVE/backup.img bs=4M status=progress'
+  * Open the console and dump the USB using the following command 'sudo dd if=/dev/sdX of=/media/caine/$HARDDRIVE/backup.img bs=4M status=progress'
 {{:todo:flashmedia-step11.png?600|}}
 ===== Gathering and Submitting Dump Info =====
 See [[submission:general|Gathering and Submitting Dump Info (Basic)]]