2.3 Two Methods of Deadboot Acquisition

37 minutes
Video Transcription
All right. Welcome to basic, elementary dead boot forensic acquisition. And let's get right into this.

So before we get started on this dead boot acquisition here, there's really two methods for doing this. We can boot a target computer from the Evimetry dead boot dongle, the one that we just made, and we can acquire a forensic image locally there. So we don't involve the controller at all. We just do everything on the machine, and we're gonna do that here.

We can also boot a target computer from the Evimetry dead boot dongle, and we can manage the forensic acquisition across the network from the controller. And we're gonna do that too, just so you can see how that works. And they say that that's the more common way we're doing this because, you know, every once in a while we do have a onesie-twosie machine situation, but oftentimes we're collecting 15, 20, 30 computers at one time. So I want to be collecting as quickly as possible.

In both of these scenarios, it doesn't matter what you're doing, whether you're doing the dead boot locally or I'm doing the dead boot using the controller to manage my acquisitions, all the forensic images are still being stored on a USB drive that's blessed, that's connected to that target computer, right? None of the data is going across the network or anything like that. So if we're doing it from the Windows controller, all we're doing is managing the process there. We're setting up our tags, and we're deciding, you know, how we want the images made and what kind of compression we want to use, all those sort of things.

But we're still storing all of the forensic image, the AFF4 image, local to a USB hard drive plugged into that target computer, which means that it doesn't matter whether you do it locally, as we're gonna do from the command prompt over here, or whether you do it from the controller. It's gonna be equally as fast. You're never dragging any data across the network or anything like that.