All right. Welcome to basic elementary, Dead boot. Forensic acquisition. Today we're gonna do this on ah, both a wired network hooked up via cat, five cats, six network cabling. And we're going to a local acquisition from the dead boot agents. Let's get right into this.
All right? My name is Brian Dykstra. I'm the CEO of Atlantic Data Forensics That was a co founder of Mandy and ah, used to do some cybercrime in section of the FBI Academy of a military intelligence background. A whole bunch of
of certifications, things like that. If you have any questions about this presentation, feel free to reach out to me at cyber ery at atlantic DF dot com. And let's get right into this.
Alright. Atlantic Data forensics were founded back in 2007 headquartered in Elkridge, Maryland. Right off the 95 near the Baltimore Washington International Airport were computer forensics company. We do a lot of civil and criminal litigation work, forensics surrounding that,
most. That's via law firms. Things like this internal general counsels that sort of thing.
Ah, we have a full scale discovery practice in case you have to do a large scale litigation for law firms, and we provide 24 hour a day incident response services to AH, our clients and other folks that need that sort of thing. Is was a lot of
internal corporate investigations. HR investigations, that sort of thing. There's data and everything right.
We also have instant response, training and exercise that we provide for our clients.
And we have offices in Denver and Detroit as well as Maryland trying to get to Houston this year looking for Houston.
All right, so prerequisites for this course got a little bit more prerequisites in some of the previous courses.
Again, let me remind you, any time we're going to do forensic acquisition, it's important every single time. Never fail. Before you start touching computers, start touching hard drives, putting equipment together, right blocks, all that sort of thing. You need to document your evidence, right?
Get all those serial numbers All those model numbers. When, Where? How all that sort of stuff.
If you're not sure on how to do this see my cyber a course on evidence handling doing it the right way.
I can't stress this enough document first, then collect. You only get one chance to document.
All right, Um, also might want to take a look at my course introduction to the elementary controller. We're gonna be using the controller today
and you get yourself a full featured evaluation copy of ever Met Tree at the U. R L there my elementary dot com. They're nice enough to give you a 30 day license. I believe of that. And then if you need more information about the actual A f f for format that were collecting into there's a course presentation on that on introduction f of four.
But I like the advancing if a four document that they haven't ever met Trade explains all the deep tar technical details
of the A F f for format for forensic acquisitions. It's very good. Read lots of pictures, lots of charges, lots of comparisons. Really well done. Presentation worth looking at.
All right. Course material gonna need today. Ah, Internet connected commuter. Because you know who doesn't need that? Right? Um, evaluation copy of every metre. If you're planning on following along in the home version, you're gonna need an evidence computer or drive. In this case, we're gonna want to use an evidence computer
although you could have bulls, right, You can have a drive. Look to that computer or something like that. That's the
computer we're actually gonna collect from. Um,
we have ah, cat five or cat six wired network. In this case, I'm just using a little links. Is here to do that for us on a d. C. P. Source. So we are going to need to have that
the the both machine doing the acquisition and the target system to be able to pick up an I P. Address. So I get a new devotee HCP source and again in this case, and I'll show you the equipment here in a minute. We just have a little Linksys router. Doing this forest makes it simple. And then, of course, the storage drive for all your forensic images to go to.
So a little bit of material a little bit more and we normally do, but
All right, target audience for today, obviously, computer forensics professionals, incident responders. You know, instant response is just ah, friends. He's done a little bit differently right on, then. Information technology. I t pros out there that might get, you know, forced into a situation where they have toa
do some forensic acquisitions. It's a great way to do it. Make sure you've got everything done right.
Are learning objectives for today we go through. Ah, a number of different things here. So we're gonna talk about how to create a never met tree dead boot, USB dongle. We're gonna talk about how Teoh dead Buddha target computer Forever Men tree acquisition.
Um, using the dead boot method we're gonna use, Ah, the elementary license dongle to actually perform a local acquisition with the dead boot dongle. So we could actually do all of that on the target system at one time. And then we're gonna show you the more common way we do this, which is, we use the elementary, USB dongle
and the elementary controller to manage a forensic exposition across
ah, wired network and doing that method weaken, acquire a number of different machines at one time and just manage them all from the central controller, which is really one of the bonus features of using every metric