welcome to Advanced Elementary Forensic acquisition. Today, we're gonna do Dong Galis Cloud and persistent cloud acquisitions. So hold onto your pants.
All right, I'm just gonna select my
external SSD drive here,
as expected, the elementary splash screen pops up.
We'll give it just a second to load itself.
Now, this this process is completely stand alone. Like I said, I'm not connected to a network. I'm not controlling this from the controller.
This would be, Ah, just a ziff. You had the dongle in a and a uh,
the license dongle and a boot dongle and all that. Extra people got it all in one drive at this point,
all right? And we have our target drive up here at the top, which is course, very internal, hard drive.
Um, and you can see the destination. Dr. Automatically became the Samsung Portable that we had down there.
And then we just go ahead and acquire this as we normally would if we're requiring a dead dead boot, so we'll give it a name.
Case is a 001
Wherever popular, A 001 case
Examiner don't take shortcuts, right.
Almost spell my own name Dextre.
Um, in this case, it's a
until nook were acquiring.
I never like to rely on that.
Remember, Right. Due to your own documentation,
don't rely on tool documentation.
And then I like my file name to be just a, uh,
nice descriptor of what I have. So have case a 00
and, of course, in the A f f for format. And that, of course, is gonna auto verify on completion. So if everything went right, this should just kick off without a problem and apply the license
and acquire our drive.
And that's exactly what happened.
I love it when a plan comes together like that
a Z, you can see we're acquiring it, you know,
significantly, Goodspeed, right? At the limitation of what that hard drive can actually do it. 540 meg bytes per second.
Ah, so as you'd expect, about 7.5 minutes or so for it to to finish out this 200
with 223 gig hard drive there. So, you know, good speed. A suspected blazes simply stand alone. Network connection. No license. Dawn gold. No boot dongle everything together on one hard drive. Um, just making it happen.
Um, handy for those unusual situations that, you know, we frequently find ourselves in this forensic professionals
having to deal with different types of data acquisitions, things like this where we probably employ this the most is, ah, large enterprise data centre environments where stuffs on variety of different networks and things like that on but will collect from physical boxes using a bunch of
of software dangles like this to make it happen without
messing things up for having to trade. Don goes around the slow stuff down. So anyway, doing its thing as expected,
that's about all there is to Donald Elementary acquisition. Really straightforward.