
cwolfe | Computer and Hacking Forensics | Module 9 – Data Acquisition

By: cwolfe | Related Course: Computer Hacking and Forensics | Published: September 17, 2017 | Modified: October 9, 2017

Autopsy / Sleuthkit lab

Sleuthkit (with the Autopsy front end)

Install it from the command line.

You don't have to turn off JavaScript in the browser, particularly if you're working in an isolated environment.

You have to create the case first and enter its name and the other pertinent details.

There is a time skew option to correct for the evidence machine's clock being off, so its timestamps line up with the other sources in the case.


Data Acquisition

Acquisition: acquiring the data, i.e. making a copy of the evidence media to work from.

Typically you're working with hard drives, among other types of media; the copy can be of the whole device or logical (a volume or a set of files). Example connections: serial cable or USB.

Tools: DriveSpy, FTK Imager, the dd command (open source).

You need to know some Linux. Download the ISOs and run them either on the computer itself or in a VM.

dd is highly unforgiving, like robocopy: it never asks for confirmation, so swapping if= (source) and of= (target) overwrites the evidence drive instead of imaging it.

Others: netcat, MASSter, GPStamp, write protection (a write blocker), Logicube adapter.
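Added example, not from the course or these notes: a shell script that images a drive with dd and verifies the copy by hash, which is the workflow the notes above describe. The evidence is a constructed 1 MiB file standing in for a drive, and the device name /dev/sdb in the comments is an assumed placeholder.

```shell
#!/bin/sh
# Added example, not course material: image a drive with dd and verify the
# copy by hash. EVIDENCE here is a constructed 1 MiB file standing in for the
# drive; on a case it would be a write-blocked block device (/dev/sdb is an
# assumed name) and IMAGE would sit on your own, separate storage.
set -u
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
EVIDENCE="$WORK/evidence.bin"     # stand-in for /dev/sdb
IMAGE="$WORK/evidence.dd"

# Constructed sample "drive": 2048 sectors of 512 random bytes each.
dd if=/dev/urandom of="$EVIDENCE" bs=512 count=2048 2>/dev/null

# SHA-256 of a file, using whichever tool the system has.
sha256() {
  if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"
  else shasum -a 256 "$1"; fi | cut -d' ' -f1
}

# Acquire $1 into $2 and succeed only if the image hashes the same as the source.
acquire_and_verify() {
  src="$1"; img="$2"

  # Baseline hash of the evidence before anything else touches it.
  before=$(sha256 "$src")

  # if= is the source, of= is the target. dd never asks for confirmation,
  # so reversing the two wipes the evidence: this is the "unforgiving" part.
  # conv=noerror keeps going past unreadable sectors and conv=sync pads a
  # short read with zeros, so offsets in the image stay aligned with the
  # drive; bs=512 matches the sector size so a padded read costs one sector.
  dd if="$src" of="$img" bs=512 conv=noerror,sync 2>/dev/null

  # Hash the image and record it next to it for the chain of custody.
  after=$(sha256 "$img")
  echo "$after  $(basename "$img")" > "$img.sha256"

  [ "$before" = "$after" ]
}

if acquire_and_verify "$EVIDENCE" "$IMAGE"; then
  echo "verified: $(cat "$IMAGE.sha256")"
else
  echo "HASH MISMATCH: $IMAGE is not a faithful copy of $EVIDENCE" >&2
fi
```

On a real drive the source hash is taken from the device itself, and on a drive with unreadable sectors the two hashes will legitimately differ, because conv=sync replaces those sectors with zeros; in that case the dd error output, not a matching hash, is what documents the acquisition.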


handle lab

The Sysinternals handle utility.

CMD -> handle /?

This prints the usage and the available switches.

You may want to save the output to a .txt file:

handle -a >> handleexample.txt

(-a lists all handle types, not just file handles; >> appends to the file instead of overwriting it.)


listdlls lab

ListDLLs = list dynamic link libraries (also Sysinternals).

Run listdlls /?

It shows the switches you can use to narrow down your search.

Run it against an application name or a specific process ID to see which DLLs that process has loaded.


PMDump lab

CMD prompt

Type: pmdump /?

It dumps the memory contents of a process to a file; it can also list the running processes (with their PIDs) so you can pick the one to dump.

>> redirects the output to another location such as a .txt file, appending to it.

So you end up with both the tool's output and the process memory saved to disk.


PromiscDetect

PromiscDetect.exe

Command-line utility. Reports information about the network adapter card and whether or not it is in promiscuous mode (a sign that a sniffer may be running on the host).


Runtime Disk Explorer for NTFS

Provides boot sector information such as bytes per sector, among other important fields.

Assists with rebuilding drives forensically.
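Added example, not from the course or from the Runtime tool: a shell script that reads the same kind of boot sector fields out of a raw image with dd and od. The boot sector is constructed inside the script at the documented NTFS offsets; on a case IMG would be the image file or the partition within it.

```shell
#!/bin/sh
# Added example, not course material or Runtime's code: read the NTFS boot
# sector fields a disk explorer shows straight out of a raw image with dd and
# od. The boot sector is constructed below; on a case IMG would be the image
# (or the partition within it).
set -u
IMG=$(mktemp)
trap 'rm -f "$IMG"' EXIT

# Write a byte string at a byte offset without truncating the file.
put() { printf "$2" | dd of="$IMG" bs=1 seek="$1" conv=notrunc 2>/dev/null; }

# Constructed sample boot sector (512 bytes). Fields are little-endian; the
# file starts as zeros, so only the nonzero bytes of each field are written.
dd if=/dev/zero of="$IMG" bs=512 count=1 2>/dev/null
put 0   '\353\122\220NTFS    '   # jump instruction + OEM ID "NTFS    "
put 12  '\002'                   # offset 11, 2 bytes: 0x0200 = 512 bytes/sector
put 13  '\010'                   # offset 13, 1 byte: 8 sectors/cluster
put 40  '\377\377\017'           # offset 40, 8 bytes: 0xFFFFF = 1048575 total sectors
put 50  '\004'                   # offset 48, 8 bytes: 0x40000 = cluster 262144 for $MFT
put 56  '\002'                   # offset 56, 8 bytes: $MFTMirr at cluster 2
put 510 '\125\252'               # 0x55AA boot sector end marker

# Unsigned little-endian integer of $3 bytes at offset $2 of file $1.
# od -t u decodes in host byte order, so this assumes a little-endian host.
le_uint() { od -An -v -t u"$3" -j "$2" -N "$3" "$1" | tr -d ' \n'; }

ntfs_oem()           { dd if="$1" bs=1 skip=3 count=8 2>/dev/null; }
ntfs_bps()           { le_uint "$1" 11 2; }   # bytes per sector
ntfs_spc()           { le_uint "$1" 13 1; }   # sectors per cluster
ntfs_total_sectors() { le_uint "$1" 40 8; }
ntfs_mft_cluster()   { le_uint "$1" 48 8; }
ntfs_signature()     { od -An -v -t x1 -j 510 -N 2 "$1" | tr -d ' \n'; }

# Byte offset of $MFT = cluster * sectors per cluster * bytes per sector;
# this is where you seek when rebuilding a volume whose partition entry is gone.
ntfs_mft_offset() {
  echo $(( $(ntfs_mft_cluster "$1") * $(ntfs_spc "$1") * $(ntfs_bps "$1") ))
}

# Check the OEM ID and the 0x55AA marker before trusting any other field.
ntfs_check() {
  [ "$(ntfs_oem "$1")" = "NTFS    " ] && [ "$(ntfs_signature "$1")" = "55aa" ]
}

if ntfs_check "$IMG"; then
  echo "bytes/sector:    $(ntfs_bps "$IMG")"
  echo "sectors/cluster: $(ntfs_spc "$IMG")"
  echo "total sectors:   $(ntfs_total_sectors "$IMG")"
  echo "MFT cluster:     $(ntfs_mft_cluster "$IMG")"
  echo "MFT byte offset: $(ntfs_mft_offset "$IMG")"
else
  echo "$IMG: not an NTFS boot sector" >&2
fi
```

The MFT byte offset is the number a rebuild actually needs: once the boot sector gives bytes per sector, sectors per cluster and the MFT cluster, you can carve the file table out of a raw image even when the partition table no longer points at the volume.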


uptime lab

uptime is a Unix command. It prints the current time, how long the system has been running, and how many users are logged in; man uptime gives further info.

