Scribd Logo
Upload

Welcome to Scribd!

  • Case Project 2

    Uploaded by

    Qomindawo
    12 views2 pages
    Linux has forensic tools that allow acquisition of a disk that cannot be removed from the scene. A forensic Live CD, external drives, knowledge of altering the BIOS and Linux commands are needed. The disk will be acquired by booting the computer with the Live CD to access and copy an image of the disk without removing it physically.

    Original Description:

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    Linux has forensic tools that allow acquisition of a disk that cannot be removed from the scene. A forensic Live CD, external drives, knowledge of altering the BIOS and Linux commands are needed. The disk will be acquired by booting the computer with the Live CD to access and copy an image of the disk without removing it physically.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as docx, pdf, or txt
    12 views2 pages

    Case Project 2

    Uploaded by

    Qomindawo
    Linux has forensic tools that allow acquisition of a disk that cannot be removed from the scene. A forensic Live CD, external drives, knowledge of altering the BIOS and Linux commands are needed. The disk will be acquired by booting the computer with the Live CD to access and copy an image of the disk without removing it physically.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as docx, pdf, or txt
    of 2

    Case Project: 2

    You need to acquire an image of a disk on a computer that can’t be removed from the scene,
    and you discover that it’s a Linux computer. What are your options for acquiring the image?
    Write a brief paper specifying the hardware and software you would use.

    Solution

    Description of Linux OS and commands used for acquisition.

    Linux is the operating system which has various pre-defined features of the forensics tools
    which are applicable for the data acquisition. One of the properties of the Linux is that it can
    access the drive which is not mounted.

    Physical access in the drive can be for the purpose of reading data done on a connected media
    device such as disk drive, USB drive, or other storage data.

    In the case where OS is Linux, for the data acquisition from the suspect computer, Linux base
    acquisition technique is used.

    The special feature of Linux Live CD is that it can read and mount most of the drivers. To
    perform the data acquisition, few tools are required:

    1.A forensic Live CD.

    2.A USB, SATA external drives with cables.

    3.Knowledge of alters the BIOS of suspect computer to run the Linux Live CD.

    4.Knowledge of shell command for data acquisition.

    The best solution is to remove the hard drive, connect it to another computer through a
    hardware write blocker, and then grab a complete image of it. However in this case project,
    disk can’t be removed that’s why you need to go with the forensics Live CD route, but since it
    involves booting the computer you may already trigger some firmware embedded code
    designed to alter/ destroy potential evidence (hard but not impossible to do, it depends on
    what kind of criminal you are after).

    You might also like