SCI 4201 Practicals: Bethel Chaka N0161068D May 13, 2020

The document discusses acquiring an image of a disk from a Linux computer that cannot be removed from the scene. It states that Linux has predefined forensics software features that allow accessing unmounted drives. It recommends using a forensic Live CD, external drive, write blocker, and knowledge of commands to detach the hard drive, attach it via write blocker to another device, and grab a complete image. The best approach is to use a Live CD to boot without altering potential evidence on the device.


SCI 4201 Practicals

Bethel Chaka N0161068D


May 13, 2020

1. You need to acquire an image of a disk on a computer that can’t be removed from the scene, and you discover that it’s a Linux computer. What are your options for acquiring the image? Write a brief paper specifying the hardware and software you would use.
• Solution
Linux is an operating system that has some of the features of forensic software for data acquisition built in. One of these features is that it can access a drive without mounting it.

To read data from a connected storage device such as a disk drive, USB drive, or other media, physical access to the drive may be required. When the suspect system runs Linux, a Linux-based acquisition technique is used to acquire the data from the suspect computer.

A Linux Live CD’s distinguishing feature is that it can read and load drivers for most hardware. Only a few tools are required to perform the data acquisition:

• A forensic Live CD.

• USB or SATA external drives with cables.

• Knowledge of altering the BIOS of the suspect computer to boot the Linux Live CD.

• Knowledge of the shell commands used for data acquisition.

The best approach is to detach the hard drive, attach it via a hardware write blocker to another device, and then grab a complete image of it. Because the computer cannot be removed from the scene, you need to go with the Live CD forensics route instead; but since that involves booting the device, you might already trigger firmware-embedded code designed to alter or destroy potential evidence (hard but not impossible to do; it depends on what sort of criminal you are after).
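The shell-command step described above, as an added example that is not part of the original paper: it marks the suspect drive read-only in the kernel (a software stand-in for the write blocker), images it with `dd` onto the external evidence drive, and verifies the image by hashing source and image. Function names and the hash/log file names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original paper): raw acquisition of a suspect
# drive from a Linux Live CD onto an external evidence drive, with hash
# verification. Function names and the log/hash file names are assumptions.

# Software write-blocking: mark the source read-only in the kernel before any
# tool touches it. Only meaningful for a real block device, so a regular file
# (used for offline testing) is simply passed through.
protect_source() {
    dev="$1"
    if [ -b "$dev" ]; then
        blockdev --setro "$dev" || return 1
    fi
    return 0
}

# Image the whole device with dd. conv=noerror,sync keeps going past unreadable
# sectors and pads them with zeros, but sync pads every short read up to bs,
# so bs must equal the device's sector size or the image grows past the source
# and the hashes will never match.
acquire_image() {
    src="$1"; img="$2"
    protect_source "$src" || return 1
    if [ -b "$src" ]; then bs=$(blockdev --getss "$src"); else bs=512; fi
    dd if="$src" of="$img" bs="$bs" conv=noerror,sync 2>"$img.dd.log" || return 1
    # Hash the source and the image separately; both values go in the case notes.
    sha256sum "$src" | awk '{print $1}' > "$img.src.sha256"
    sha256sum "$img" | awk '{print $1}' > "$img.sha256"
}

# Return 0 only if the image hash equals the source hash.
verify_image() {
    img="$1"
    src_hash=$(cat "$img.src.sha256"); img_hash=$(cat "$img.sha256")
    [ -n "$src_hash" ] && [ "$src_hash" = "$img_hash" ]
}
```

On the Live CD this is run as root with the evidence drive mounted read-write, e.g. `acquire_image /dev/sda /mnt/evidence/sda.dd && verify_image /mnt/evidence/sda.dd`; the `.dd.log` file keeps dd's record counts for the acquisition notes.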
