Video Transcription

00:00
All right. Welcome to Basic Evimetry Deadboot Forensic Acquisition. And let's get right into this.
00:07
So back over here on our controller window, as you can see, ah,
00:12
Evimetry just, just whipping along here. We've got, ah, already 100 and 50. 660 can keep up fast enough. Gig acquired of that 223 gig, uh, SSD drive in there. Um, at 543 meg per second, which is a great collection speed,
00:31
obviously collection speeds vary, you know, depending on, you know,
00:36
age of the device. What type of connected and has things like this. But we find that that that's a pretty normal collection speed to get
00:45
just using, you know, commodity equipment. They said we're not
00:48
We're not using anything too fancy here. That's an
00:51
M.2 drive inside of that NUC. Um, and it's, it's just going out to a standard Western Digital commodity off-the-shelf USB external drive, USB 3. So nothing, nothing too fancy. You get into some older computers where you might be limited to USB 2
01:10
output and things like that that, you know, this is just gonna take a bit more time
01:14
because you don't have the, you know, the greatest bandwidth on that channel to write out to. Ah, but in general, this is, ah, this is about how a collection goes. I think some of our fastest connections on some newer Macs and things like this of
01:29
we acquired so fast that we actually were concerned that we hadn't gotten evidence and things like that. Collections to take 45 minutes. Things like this. So,
01:38
um, but we'll do that over a series here. Ah, series of courses, we'll take a look at some other acquisition methods. I'm sure right now you're thinking to yourself: Well, this is great, Brian, we're over, we're over a wired network here,
01:53
but I don't have a wired network where all my, all my laptops are wireless in my location. What? No idea. Well, that's great. Course we're gonna do next week is gonna be on how to configure your Deadboot dongles to work over a wireless network
02:07
on, and you're gonna find out that, you know, once we make a little bit of changes to the configuration files for the Deadboot, um, you can acquire the very same way again, just managing it over a wired wireless network, um, and getting exactly the same collection speeds because again, you're still
02:24
collecting, writing that data out to locally attached drives
02:29
on the target computer. And having said that, our image just finished itself up. It's going through the verification process, which is happening even faster because of that
02:43
block compression. Hera scares me of the method that they had that Evimetry uses for that. And then, of course, we get our, ah, acquisition completion. We get all our verification information, our, ah, mapped hash. That was, that was the word I was looking for.
02:59
Mapped hashes that it uses for that, and we are good.
03:04
And that's really everything you need to know about, um, creating images using Deadboot across a wired network. Um, very simple process. Really effective, really fast.

Up Next

Basic Evimetry Deadboot Forensic Acquisition: Wired and Local

This course covers creating an Evimetry Deadboot dongle to create a forensic image from a bootable USB thumb drive. We’ll also walk through using the Evimetry Deadboot dongle to directly create a forensic image from the target computer.

Instructed By

Brian Dykstra
CEO and President of Atlantic Data Forensics
Instructor