Video Transcription

00:00
All right. Welcome to Basic Evimetry Deadboot Forensic Acquisition. And let's get right into this.
00:07
All right, as far as the Evimetry stack goes, we talked about this before. We're all over here on this far left side. So the controller provides our management, acquisition, analysis, provisioning, all that stuff there at the top. Today, we're all on the left side, on the Evimetry Deadboot. We're gonna use the imager and the Deadboot agent
00:24
to go ahead and make our AFF4 container down there at the bottom.
00:29
So pretty straightforward.
00:31
Trust me. We're gonna get to the Cloud Live acquisition, too. That's coming.
00:36
All right, so first thing we want to do is we want to create an Evimetry Deadboot USB dongle so that we can boot our target system. Um, gotta have a USB drive available to you, a thumb drive. It's gotta be at least two gigabytes in size because you're gonna write an ISO image to it. We need a
00:55
a copy of the Evimetry Windows controller
00:58
because it's gonna actually create the USB dongle for us. The Deadboot dongle.
01:03
And we're gonna wanna have the latest copy of the Evimetry Deadboot agent ISO on that Windows controller system so that we can make multiple boot dongles and things like that. Ah, that ISO for Evimetry is available to you
01:19
at my Evimetry dot com down there on their portal for software. Just log in. You
01:23
download the latest version and so on. So I'm gonna switch screens really quickly here. All right, so we've got our Windows Evimetry controller here. We've got a couple of drives attached. The internal drive, system boot device, which is of course our physical device zero. I've got a,
01:44
well, uh,
01:45
14 gig. Um,
01:48
USB thumb drive attached here. As you can see by the check mark, physical drive here, I have an external Western Digital drive, that's the green check mark. If you're following along, last week in the basic use of the controller, these are our blessed repository drives. That's the exFAT formatted disks that will allow us to write to.
02:07
But first, we're gonna concentrate on our
02:09
ah, USB thumb drive here, so I'm going to select it, and then I'm going to right-click and I'm gonna say create a Deadboot on that.
02:19
So it's gonna verify my device information for me there. It's physical drive one. It's my SanDisk Ultra. It's 14.3 gig, all that sort of stuff. It's also gonna ask me if I want to quick format the destination device. Don't see any reason not to. There's, you know, it's gonna go pretty quickly,
02:36
and then we'll just select a drive to get our ISO image from. So, and it's right here on our Evimetry, um, Czar Cyberia drive. Here we have our Evimetry Deadboot ISO. We're going to select that. Like I said, you have to download this in advance
02:53
and we're going to say okay to that and let it go ahead,
02:57
open that up and write it to
03:00
thumb drive here.
03:02
All right, so we've got everything. We got our drive. We've got our ISO that we're gonna burn. We're gonna go ahead and quick format, and we're going to say, OK,
03:14
it's gonna give us a little pop-up. It says, hey, make sure you want to do this, right? It's gonna format that disk, and it's, ah, gonna overwrite anything that's on it. We're gonna say okay to that.
03:25
And then what you should see up here in our active operations window is it quickly goes ahead and formats that disk, and it starts creating our Deadboot agent. You just see here it's copying files over in chunks, things like this, huh?
03:43
I've noticed that it always slows down a bit, right at
03:46
310 out of 436. I think it's actually just a
03:51
catching up with writing to your USB thumb drive media. Um, you know, the USB thumb drive you use for a Deadboot agent doesn't have to be particularly fast. It doesn't have to be a great quality device or anything like that. They're kind of disposable. They get overwritten all the time. Um,
04:09
so, you know, you don't really need to spend a lot of money on them. And, of course, the cheaper ones
04:14
are, ah, a little bit slower. Now, if you want to speed the whole process up as far as booting your Deadboot agent, copying these over, things like that, you know, it might pay to go ahead and use a little bit faster USB thumb drive media, a little bit better quality stuff that you pay a few dollars more for, that sort of thing.
04:30
We're just gonna go ahead and let this write itself over.
04:34
Ah, whole process should take about three minutes.

Up Next

Basic Evimetry Deadboot Forensic Acquisition: Wired and Local

This course covers creating an Evimetry Deadboot dongle to create a forensic image from a bootable USB thumb drive. We’ll also walk through using the Evimetry Deadboot dongle to directly create a forensic image from the target computer.

Instructed By

Brian Dykstra
CEO and President of Atlantic Data Forensics
Instructor