3.3 Acquisition Summary

37 minutes
Video Transcription
All right. Welcome to basic elementary, dead boot forensic acquisition. And let's get right into this.
So back over here on our controller window, as you can see, ah,
elementary. Just whipping along here. We've got, ah, Already 100 and 50. 660 can keep up fast enough. Gig acquired of that 223 gig, uh, SSD drive in there. Um, at 543 meg per second, which is a great collection speed,
obviously collection speeds vary, you know, depending on, you know,
age of the device, what type of connection it has, things like this. But we find that that's a pretty normal collection speed to get
just using, you know, commodity equipment. They said we're not,
we're not using anything too fancy here. That's an
M.2 drive inside of that NUC. Um, and it's just going out to a standard Western Digital commodity off-the-shelf USB external drive, USB 3. So nothing, nothing too fancy. You get into some older computers where you might be limited to USB 2
output and things like that, you know, this is just gonna take a bit more time
because you don't have the, you know, the greatest bandwidth on that channel to write out to. Ah, but in general, this is, ah, this is about how, ah, collection goes. I think some of our fastest connections on some newer Macs and things like this,
we acquired so fast that we actually were concerned that we hadn't gotten evidence and things like that. Collections to take 45 minutes. Things like this. So,
um, but we'll do that over a series here. Ah, a series of courses; we'll take a look at some other acquisition methods. I'm sure right now you're thinking to yourself, "Well, this is great, Brian, we're over a wired network here,
but I don't have a wired network where all my laptops are wireless in my location." What? No idea. Well, that's great. The course we're gonna do next week is gonna be on how to configure your dead boot dongles to work over a wireless network,
and you're gonna find out that, you know, once we make a little bit of changes to the configuration files for the dead boot, um, you can acquire the very same way again, just managing it over a wired, wireless network, um, and getting exactly the same collection speeds because again, you're still
collecting, writing that data out to locally attached drives
on the target computer. And having said that, our image just finished itself up. It's going through the verification process, which is happening even faster because of that
block compression. Hera scares me of the method that they had that elementary uses for that. And then, of course, we get our acquisition completion. We get all our verification information, our, ah, mapped hash. That was the word I was looking for.
Mapped hashes that it uses for that, and we are good.
And that's really everything you need to know about, um, creating images using dead boot across a wired network. Um, very simple process. Really effective, really fast.