For me, IT security and forensics looks like one of top-skill areas of IT. Funny to see educating forensics video which explains, what is "ls" and "cat".
Thank you for this course sir. I have a question please. All these disk images that were analysed using photorec, tsk_recover and sleuthkit. You didn't say how they were captured. Were they captured using the FTK imager or another software. Thank you. Hoping for your response.
Hello, very good video, helping a lot, starting from zero with Sletuth kit and Digital Forensics. I have a question, when determining the partition, in this case FAT32, is it a good practice to extrapolate that specific partition into a separate file? in such a way that is not necessary to specify each time the offset to move? Thank you
I am absolutely zero in this sphere yet. i am not completely understand and comprehend this topics. Can you tell me what am i gonna start with? maybe python or what? Thanks for advanced
Usually, yes. Both are very often "RAW" disk images - no additional structure or compression, just like you would find on the original disk. That is likely, but you should always confirm before working with the image.
Excellent introduction, exactly what I needed to get started with the Sleuth Kit. Starting from zero, well structured, easy to understand. Thank you!!
For me, IT security and forensics looks like one of top-skill areas of IT. Funny to see educating forensics video which explains, what is "ls" and "cat".
Thank you for this course sir. I have a question please. All these disk images that were analysed using photorec, tsk_recover and sleuthkit. You didn't say how they were captured. Were they captured using the FTK imager or another software. Thank you. Hoping for your response.
How can you approach a scenario where yo have a linux OS in HDD/SDD then formatted with windows, but you need the files that were in the linux system
Hello, very good video, helping a lot, starting from zero with Sletuth kit and Digital Forensics. I have a question, when determining the partition, in this case FAT32, is it a good practice to extrapolate that specific partition into a separate file? in such a way that is not necessary to specify each time the offset to move? Thank you
I am absolutely zero in this sphere yet. i am not completely understand and comprehend this topics. Can you tell me what am i gonna start with? maybe python or what? Thanks for advanced
Python is a good if you are interested. Learning Linux or Windows command line is probably going to help the most.
@@DFIRScience thanks a bunch
what if the Disk is encrypted? Is there any s/w to decrypt the data
in fls command, there is the -k parameter : "-k password: Decryption password for encrypted volumes"
How to create a .dd image file
Just to clarify, a 001 File is the same as a .dd file?
Usually, yes. Both are very often "RAW" disk images - no additional structure or compression, just like you would find on the original disk. That is likely, but you should always confirm before working with the image.
12:54 deleted