This is a great tutorial. It really helps confirm that I'm accurately reading hex tables from FTK Imager.
Great tutorial, you explained how to use Sleuth Kit very clearly.
Awesome. Taking a forensics course atm, and this was a huge help.
Thanks a lot. Would be happy about some more parts with more detailed forensic analytics
Great way to explain, calm and clear. Thanks
Nice video. Gives understanding about the basic things that you could do using TSK
This video helped me out a lot, thank you.
Glad it helped!
I didn't expect to be taught what options are and how to use the help on such an advanced tool, but still, I learned some stuff.
From where can I download images? I want to download the C drive image; I want to look into NTFS data.
Sir could you please tell me which tool should I use on a windows system to create the raw .dd image of my usb. I guess guyimager can be used only on linux. Thank you for this great video!!
You can use FTK imager
Thanks a lot, guy
such an awesome voice!!
New sub! This works for me but I mostly work on Windows...
Great content...glad I found your channel. New sub.
Where can I get the dd file?
you failed to mention the command to acquire the image
Thank you very much, excellent content
How would you check for deleted files? I saw that you spoke about it briefly. Perhaps I missed it?
In TSK 4 you could use tsk_recover to recover files, including deleted ones that will be in the unallocated spaces.
It is easy to dd image of USB, but how to dd image of CD or DVD?
You won't be able to dd a physical image of a CD/DVD, but you can technically dd a logical image. Instead, it is better to use ISO creation software built into most systems these days.
How did you get that .info file from the .dd image?
That is an imaging log file from Guymager. The image was not created with dd, although it is a raw disk image. .dd is a common raw extension. You may also see .raw or .000
Thanks It was helpful
Thanks for this great tutorial. I wrote mmls Image1.dd, where Image1.dd is my USB, but I get the message . Does this give me the information that my USB image is a logical disk image?
Thanks
Hello. image1.dd may be a logical disk image. Try fls image1.dd. If you see a directory list, then it is a logical disk image.
Thanks!
How to identify the contents of a large file of about 90GB? The file has no extension and I really want to know what's inside it. I found it inside my C: partition, called "Free space", with another sibling file called "Idle space".
You can use the 'file' utility to try to find some information about the file signature. I made a video for you at ruclips.net/video/-vsfm1IqmWA/видео.html
Other than that, you could open the huge file in a hex editor and look at the signature manually.
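The two answers above (try fls when mmls fails; look at the signature in a hex editor) both come down to reading the first sector of the image. As an added example, not from the video or from any commenter, this Python checks whether a raw image starts with a file-system boot sector (a logical image, so fls works directly) or with a partition table (a physical image, so run mmls and then fls with -o and the partition's starting sector); the sample sectors are constructed inline.

```python
import struct

SECTOR = 512

def classify_image(data: bytes) -> str:
    """Classify the first sectors of a raw (.dd/.raw/.000) image by signature:
    'logical' = file-system image (fls works directly), 'physical' = partition
    table (mmls first, then fls -o <offset>), 'unknown' = neither recognised."""
    if len(data) < SECTOR:
        return "unknown"
    boot = data[:SECTOR]
    # File-system boot sectors go first: NTFS and FAT volumes also end in
    # 0x55AA, so testing for an MBR first would misclassify them.
    if boot[3:11] == b"NTFS    ":
        return "logical"
    if boot[54:62] in (b"FAT12   ", b"FAT16   ") or boot[82:90] == b"FAT32   ":
        return "logical"
    # ext2/3/4: magic 0xEF53 at byte 56 of the superblock, which starts at 1 KiB.
    if len(data) >= 0x43A and data[0x438:0x43A] == b"\x53\xef":
        return "logical"
    # GPT: protective MBR in sector 0 and an "EFI PART" header in sector 1.
    if len(data) >= 2 * SECTOR and data[SECTOR:SECTOR + 8] == b"EFI PART":
        return "physical"
    # Classic MBR: 0x55AA at 510 plus at least one plausible partition entry.
    if boot[510:512] != b"\x55\xaa":
        return "unknown"
    for i in range(4):
        status, ptype, _lba, count = struct.unpack_from("<B3xB3xII", boot, 446 + 16 * i)
        if status in (0x00, 0x80) and ptype != 0 and count != 0:
            return "physical"
    return "unknown"

def classify_file(path: str) -> str:
    """Read only the first 2 KiB of an image on disk and classify it."""
    with open(path, "rb") as fh:
        return classify_image(fh.read(2 * SECTOR))

def _sample(*patches):
    """Constructed sample sector: all zeros with (offset, bytes) patches applied."""
    sector = bytearray(SECTOR)
    for off, blob in patches:
        sector[off:off + len(blob)] = blob
    return bytes(sector)

# Constructed samples: an MBR holding one FAT32 (type 0x0C) partition that starts
# at LBA 2048, and the boot sector of an NTFS volume imaged without its MBR.
SAMPLE_MBR = _sample((446, struct.pack("<B3xB3xII", 0x80, 0x0C, 2048, 1_000_000)),
                     (510, b"\x55\xaa"))
SAMPLE_NTFS = _sample((3, b"NTFS    "), (510, b"\x55\xaa"))
```

A result of "physical" means the partition starting sector shown by mmls is what fls needs as its -o offset; "unknown" is the case for the hex editor.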
Nice tutorial!
Thanks a lot. Let me know if you would like something specific.
How to Download it for mac? (Sleuth Kit)
You will have to compile the Sleuthkit on Mac. Download the 'source code' from here: sleuthkit.org/sleuthkit/download.php
Great... thanks a lot!
Nice explanation
Take a shot every time he says “mmkay” 😄 🥃
while true; do echo mmkay; done
@Adrian Chad Spam harder, will yah?? 😒
this was of great help. thank you very much.
Sorry, can you show me how to create an image first?
The fcat command is not working.... Can you please tell me why?
What error are you getting?
anyone here from picoCTF?
Ok, obviously I am strong like bull, smart like tractor. How the hell does a person learn what the meaning of MGB/5 or whatever it is you said is? Apparently, the cyber security class I am taking labeled "Basic" is NOT basic, as I don't have a clue what you said, and Sleuthkit is still an absolute mystery. Where do I start if this was "Mandarin" to me?
A great place to start is with this free book on forensics using Linux. It covers many basic computing concepts and commands before getting into the forensics. It's all hands-on.
linuxleo.com/Docs/LinuxLeo-4.95.1.pdf
linuxleo.com/
The Sleuth Kit is all about parsing file systems. You can either learn how file systems work and then learn TSK or learn TSK to explore how file systems work. Whatever approach works best for you. The book linked above walks through practical examples while explaining.
And any vocab you don't understand, or any questions in general, feel free to post them and I will try to answer. You can also DM me on Twitter @DFIRScience