Video Transcription

00:00
Welcome to Advanced Evimetry Forensic Acquisition. Today, we're gonna do dongle-less, cloud and persistent cloud acquisitions. So hold onto your pants.
00:10
All right, I'm just gonna select my
00:12
external SSD drive here,
00:16
and,
00:17
as expected, the Evimetry splash screen pops up.
00:22
We'll give it just a second to load itself.
00:25
Now, this process is completely standalone. Like I said, I'm not connected to a network. I'm not controlling this from the controller.
00:32
This would be, ah, just as if you had the dongle in a, and a, uh,
00:38
the license dongle and a boot dongle and all that. Extra people got it all in one drive at this point,
00:49
All right. And we have our target drive up here at the top, which is, of course, very internal, hard drive.
00:57
Um, and you can see the destination drive automatically became the Samsung Portable that we had down there.
01:03
And then we just go ahead and acquire this as we normally would if we're acquiring a dead boot, so we'll give it a name.
01:12
Case is A001
01:15
Wherever popular, A 001 case
01:19
tagged one
01:21
Examiner: don't take shortcuts, right?
01:26
Almost spell my own name, Dykstra.
01:30
Um, in this case, it's a
01:33
Intel NUC we're acquiring.
01:37
I never like to rely on that.
01:40
Remember, right, do your own documentation,
01:42
don't rely on tool documentation.
01:45
And then I like my file name to be just a, uh,
01:48
nice descriptor of what I have. So have case A00
01:52
through one
01:53
tag one
01:56
and, of course, in the AFF4 format. And that, of course, is gonna auto-verify on completion. So if everything went right, this should just kick off without a problem and apply the license
02:07
and acquire our drive.
02:10
And that's exactly what happened.
02:15
I love it when a plan comes together like that
02:19
As you can see, we're acquiring it, you know,
02:22
significantly good speed, right at the limitation of what that hard drive can actually do, at 540 megabytes per second.
02:30
Ah, so as you'd expect, about 7.5 minutes or so for it to finish out this 200
02:38
with 223 gig hard drive there. So, you know, good speed. As expected, blazes, simply standalone. Network connection. No license dongle. No boot dongle, everything together on one hard drive. Um, just making it happen.
02:54
Um, handy for those unusual situations that, you know, we frequently find ourselves in as forensic professionals
03:01
having to deal with different types of data acquisitions, things like this. Where we probably employ this the most is, ah, large enterprise data centre environments where stuff's on a variety of different networks and things like that, but we'll collect from physical boxes using a bunch of
03:22
of, ah,
03:23
of software dongles like this to make it happen without
03:28
messing things up or having to trade dongles around and slow stuff down. So anyway, doing its thing as expected,
03:35
that's about all there is to dongle-less Evimetry acquisition. Really straightforward.

Up Next

Advanced Evimetry Forensic Acquisition: Dongle-less, Cloud and Persistent Cloud

In this free course we will explore how to use the temporarily licensed Evimetry Dongle-less and Cloud Agent to do complex acquisitions of off-network equipment and AWS, Azure or other cloud instances.

Instructed By

Brian Dykstra
CEO and President of Atlantic Data Forensics