Video Transcription

00:00
All right, this is Basic Evimetry Deadboot Forensic Acquisition using a wireless network.
00:08
Um, so the WiFi hardware that we use is gonna matter. In this case, the target laptop or desktop that we have, ah, out there, um, in a commercial computer forensics environment. I mean, you know, I'm sure the government's no different.
00:25
You don't necessarily know what kind of laptop you're gonna be given, you know, what the wireless adapter is in it, and things like that. And quite honestly, I don't wanna have to waste time trying to figure that out. I'm here to acquire this forensic image and, you know, and document the evidence and get out of here
00:44
as quickly as possible. Move on with
00:46
the more interesting parts of the job. Um, so to take care of that problem, what we do is we eliminate the local wireless adapter by using our own USB pluggable wireless adapters. In this case, we recommend using Panda Wireless PAU05
01:06
and PAU06
01:07
USB wireless network adapters. You can see here from the pictures, the 05 is just a little plug-in dongle with no external antenna, and the 06 is pretty much the same plug-in adapter, ah, with a little, ah, I think it's nine dB of gain
01:23
wireless antenna on there so you could pick up from a further distance.
01:29
Um, I honestly like the one with the antenna better, not because of the gain or anything else, or I'm seriously worried about that. I like it because I'm less likely to actually forget it, leave it sitting in a computer.
01:42
So I think just because it sticks out a little bit more, we even have some that have, like, colored tape wrapped around the antenna just to remind us to grab it out of there. Either one of these adapters works great. They're available on amazon.com. They're super cheap, $15 apiece.
01:59
They run on the 2.4 gigahertz
02:02
G and N networks.
02:06
Now, you're if you're
02:07
if you're thinking about this and go, "But, Brian, those were slow networks, and, you know, I won't be able to get any good transfer and stuff like this." We're not transferring the data across the wireless network, right? Just like last course, we didn't transfer the data across the wired network. What we did is we managed it across the network,
02:24
so we're simply doing, ah, a simple TLS connection
02:28
from our controller to the target system that's dead booted, and so we don't care about high-bandwidth, uh, transfer between the two. We just want a good, stable connection. Also gonna show you that you can work on a bad, unstable connection.
02:45
Um, some of the other benefits of the Panda USB wireless network adapters
02:51
is they're fully compatible with pretty much every Linux out there and all versions of Windows. Now, our Deadboot is, of course, a Linux distribution, and so it works flawlessly with those. I am sure that other adapters work. I'm sure that probably some adapters in some laptops work.
03:10
I just don't have the time
03:14
or the inclination to take chances every time we're in the field collecting data. As I said, we're there to get the job done and get in and get out. So these, these are a, ah, great way to do that. And like I said, they're super cheap and easy to use and, you know, they're available to use on other projects too, which is also fun.
03:35
Okay, so now that we've sorted everything out, we've got our modified Evimetry Deadboot adapter, our Deadboot dongle. We're gonna take that Evimetry WiFi, the new WiFi Deadboot dongle, and our Panda USB wireless network adapter
03:52
to target computer. And we're gonna go ahead and start them up.
03:55
Um, the Evimetry WiFi Deadboot dongle should activate the Panda USB wireless network adapter right off the bat. Sorry, spelling error there, I'll correct that for the next time. Automatically connected to the Atlantic DF wireless network.
04:12
Um, and one way you can check for that is, ah, pointed out in the last course. You check the lower bottom right-hand corner on your Deadboot system and you should see that it picked up an IP address and, uh, and that it's actually connected to the network and things like that.
04:29
So you might have to do, you know, a little bit of network troubleshooting. There's always a bit of fuss here and there sometimes.
04:35
And then you just treat it like any other connection, just like we did last week with the wired connection. Connect your computer running the Evimetry Controller to that very same wireless network. That's important. Have seen folks make that mistake: two different wireless networks or something like this, or one's on a wired network, one's on wireless, and they can't talk to each other.
04:56
You wanna be on the same wireless network together.
04:58
Um, and you just reach out across that wireless network and connect your Evimetry Deadboot target system. So we're gonna do that right now on camera. It's gonna be super fun,
05:10
as far as those sort of things go. And, uh, switch over there now.
05:14
All right. So, as I discussed, ah, previously, we've taken our little dongle. Said about tags on both your
05:21
You're on your, uh, Evimetry dongle. I like tags on all my dongles. I tend to forget these little things. They're too small, same sort of things. We use little key chain ones for our Evimetry boot dongles, just because, you know, I've got a better chance seeing that hanging out of a computer
05:40
later on when we're counting up to make sure we have all of our hardware.
05:44
We're gonna go ahead and take our new wireless dongle and plug it into our target system.
05:48
Our target system is that same Intel NUC that we had last course. Nothing too special about it. 256 gig drive inside it. You could see I've got my
06:00
my Panda PAU06 WiFi adapter plugged in. And of course, I've got my blessed USB hard drive, that I have a place to store my forensic image.
06:13
So then I'm just gonna take I also have
06:15
just brought along, just in case, you know, you want to see it up close.
06:19
Hey, better when you can see it up close, right? Um, the other PAU05. Like I said, I'm
06:26
not as big a fan of these. We do use them. But I feel like, I feel like we lose a few of these. They're just small, to get left behind.
06:34
All right, so we'll take our new wireless Deadboot dongle. We're gonna go ahead and connect it in,
06:41
and then we're going to go ahead and fire up our target system from that new WiFi Evimetry Deadboot dongle, just like we did before.
06:51
All right, while we're waiting for that to fire up, and it is starting, just as expected here, taking a moment to get itself booted up again. While you see, this is a very expensive wireless network with the
07:02
extra special dangling
07:06
wire there. But yeah, just, just any old wireless network will work. We have a variety of routers that we take out and throw down, um, to make it easier to do the collections and stuff like that. They don't have to be anything special. They don't need to be, you know, fancy or high speed or anything like that, because again
07:25
you're not pulling the data across the network. You're simply monitoring the process
07:30
as it occurs across the network. So there's, there's really no data requirements, and as long as you have a strong signal and it can reach all the end points, you're good to go.
07:42
All right. I can see on the other screen here that the dead boot agent is starting up nicely.
07:57
And the good news for me is in the lower right-hand corner. Um, I can see that I did actually receive an IP address,
08:07
currently listening for a connection from our controller. So we'll take a look at the controller and see if everything turned out right.


Basic Evimetry Deadboot Forensic Acquisition: Wireless Network

This course covers how to edit the configuration of an Evimetry Deadboot dongle so that we can automatically boot a target system to a WIFI network. The course also covers managing the forensic imaging process over a wireless network and what to do if you lose connection to a running Evimetry forensic acquisition from the Evimetry Controller.

Instructed By

Brian Dykstra
CEO and President of Atlantic Data Forensics