- Videos: 4
- Views: 51,934
DFIR Noob
USA
Added Apr 3, 2021
I am an aspiring Digital Forensic Investigator. This channel was created to discuss the tools, techniques and procedures used during a digital forensic incident response and investigation. My hope is that this will attract experienced professionals and newbies (like me) to comment and discuss all things Digital Forensics!
How to Build a PC
This is my first ever PC Build! Apologies in advance for the video production. I was filming with my phone and switched between portrait and landscape recording. My video editing software does not allow me to rotate the view during editing so some parts of the video will appear sideways. I hope you enjoy my build, it was a blast making it!
Here is a list of the components and tools I used:
Tower:
NZXT H510i Mid-Tower ATX Case
www.newegg.com/matte-black-red-nzxt-h-series-h510i-atx-mid-tower/p/N82E16811146319
Motherboard:
Gigabyte B450 Aorus Pro WiFi
www.newegg.com/gigabyte-b450-aorus-pro-wifi/p/N82E16813145082?Description=aorus%20b450%20pro%20wifi&cm_re=aorus_b450%20pro%20wifi-_-13-145-082-_-Prod...
Views: 62
Videos
Creating a Forensic Image with dd
20K views · 3 years ago
This video goes over how to create a forensic image using the Windows command line with the dd tool. For more information on dd and how to download it, visit www.chrysocome.net/dd. CAUTION: dd is a powerful command line tool that can erase ALL of your data. Please make sure you are using the tool properly before executing any commands. If able, test the tool in a Virtual Machine (VM) environment ...
How to make a Forensic Image with FTK Imager
29K views · 3 years ago
This video discusses how to make a forensic image from source media into a forensic image file using the FTK Imager application. FTK Imager is a product from AccessData and can be downloaded at accessdata.com/products-services/forensic-toolkit-ftk/ftkimager. Other topics discussed during this video are hash values. Try hashing yourself at www.md5online.org. Toward the end of the video, I briefly t...
Windows Registry Write Blocker
2.9K views · 3 years ago
How to turn write blocking on in Windows using the Windows Registry. For more information about write blockers, visit nist.gov: csrc.nist.gov/glossary/term/Write_Blocker
This is helpful!
Williams Cynthia Brown Barbara White Joseph
Doesn't work
How to create an Android forensic image
Great video
Thank you
Can I know how to verify this using a hash mechanism?
Very impressive, good work!
The writing in the video is not clear; I can hardly see a thing.
Thanks for the video! Can you please upload more DFIR content? You're doing a good job explaining stuff.
Hi. I want to ask: how do I unblock it back?
Can I use this to recover formatted hard drives?
No, but actually yes. If you formatted your drive you should use this tool to make a backup of it. Then use the created .dd file in photorec or some other tool. You could also directly use photorec, but when you don’t know the status of the drive, like when it has errors, or is otherwise corrupted, a clone of the drive is smarter because in case the photorec fails and you try another tool the drive might already be dead.
Thank you so much, you literally saved me so much confusion and I was able to complete my assignment!!!
Lovely video, very helpful.
What if we do not want to play with block sizes and counts and just want to take the full direct disk image of the machine?
Can we use this tool to create a forensic image (.dd) for Android and iOS devices?
Unlikely, it is only suitable when you have direct access. So only internal drives, USB drives, SD cards, etc., but when it’s a phone or a network share it won’t work. You could use it to image the micro SD of a phone, though.
Hello Sir, I used this method to transfer data from one drive to another but the transferred data was corrupted. Is there any reason behind this?
For forensics, never ever try to extract data directly from the device itself; always, always create an image and work on it. Working directly on the device/drive can corrupt the data.
I also tried to create an image of the data through dd, but when I extract the image file, the extracted data is also corrupted. Can you please share the exact commands to make and extract the image file?
Can I use this command for the C drive (containing the OS)?
@syedaumerubab9453 Did you use any other method before using dd? Especially to extract data directly from your device?
@syedaumerubab9453 If it shows in the device list, you can do it. I recommend that you not store the image file on your PC.
Do you need a USB blocker? Or does this block the USB?
Is it only available for the Windows Pro version?
Algorithm.
Thanks for the video... Please upload some more videos related to DFIR.
Hi, how are you
niiice
Great video, sir! Instead of --size, can we use count=1g, saying to only copy 1g blocks from the source (USB)?
You can use size and count together if you wanted to image the first GB of a larger media device. It would look like this 'bs=1G count=1 --size --progress' etc. Count is telling dd to only image the first block. Since we defined a block size at 1GB, it will capture the first GB on a storage device. You can also skip certain blocks or name specific blocks with the 'skip' and 'seek' parameters, respectively. Thanks for viewing and taking the time to comment!
@dfirnoob9787 thanks!