Scribd Logo
Upload

Welcome to Scribd!

  • Working 1

    Uploaded by

    Dhananjay Chhabra
    8 views2 pages

    Copyright

    © © All Rights Reserved

    Available Formats

    TXT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as txt, pdf, or txt
    8 views2 pages

    Working 1

    Uploaded by

    Dhananjay Chhabra

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as txt, pdf, or txt
    of 2

    sudo apt-get install update && Upgrade

    Enable USB for your system

    Lab : Evidence Acquisition (Collection of Information) using DC3DD and Guymager

    Command 0: sudo -i (Getting into the root mode)


    type in the password

    1.) fdisk -l

    /dev/sda1
    S (SCSI - Small COmputer System Interface)
    D (Driver)
    A (Disk Name/Partition Name)

    /dev/sdb1

    2.) DC3DD (Department of Defence Cyber Crime Center Data Dump)

    Installation Command : sudo apt-get install dc3dd

    dc3dd --help (Important)


    dc3dd --version
    dc3dd --flag

    dc3dd --help

    Options
    i)If = /dev/sdb
    ii)Hash = md5
    iii)log = dc3dd_CFT
    iv)of = test1.dd
    v) ofs(set of)
    vi)ofsz(of size)

    Advanced Options

    Capturing Image without Splitting--> dc3dd if=/dev/sdb hash=md5 log=abc123


    of=test1.dd

    Capturing Image With Splitting--> dc3dd if=/dev/sdb hash=md5 log=abc123 ofsz=1024M


    ofs=test1.img.000

    test1.img.01
    test1.img.02
    test1.img.03
    .
    .
    .
    .
    .
    .
    test1.img.15

    2.) Guymager
    sudo guymager
    password

    right click on usb Drive and Start with Imaging


    (Do all required Settings)
    Define Path for saving Acquired Image

    You might also like