How to explore the Windows registry hive structure and why it holds relevance to Computer Forensics Investigations

Scenario: A complaint was made to the authorities describing alleged Wi-Fi hacking activity. Witnesses recall seeing a person with such equipment lingering in the vicinity of the Wi-Fi access point. When the authorities arrived on the spot, they found a Dell laptop and an Alfa Card (wireless USB adapter) abandoned in the vicinity. This abandoned equipment is seized as possible evidence.

Purpose: Locate inculpatory or exculpatory evidence in the disk so that it may be presented in a court of law.

Evidence Disk: The seized Dell laptop disk can be downloaded here: part1 and part2. A ‘dd’ copy can be downloaded here: 1, 2, 3, 4, 5, 6, 7, 8

Tools used: The tool we have chosen for the purposes of this investigation is Paraben’s ‘P2 Commander’; however, you are free to use other tools of your choosing (‘EnCase’, ‘FTK’, ‘Prodiscover’, etc.). Get a demonstration copy of Paraben’s P2 Commander here.

Tasks performed: During the course of the investigation, analysis of the evidence would require performing the 12 basic tasks of computer forensics:

Often the proper shutdown procedure should be used to turn off the computer, but volatile (RAM) data may be lost after shutdown; if in doubt, take a senior’s advice on what procedure would be best.

Before starting any kind of analysis, make sure you have made at least two bit-by-bit copies of the evidence media. It is suggested that the two copies be made using different tools. If one copy fails, having another copy will be worth the effort. Hardware write-protectors may be used to ensure that the integrity of the original evidence disk is preserved at all times.

Acquiring an image of the evidence disk (Acquire)

To acquire an image of the disk, we will use the ‘dd’ command, in the following manner:

    dd if=/dev/hda of=/home/user/Wireless_Hacking_Case.dd bs=512 conv=noerror,sync

    dd.exe if=\\.\PhysicalDrive0 of=C:\Pranshu_Case_Images\PhysicalDrive0.img --md5sum --verifymd5 --md5out=C:\Pranshu_Case_5

Note: Here, ‘if’ refers to the input file, ‘of’ refers to the output file, and ‘/dev/hda’ is the physical drive.

Investigating ‘New Case’ and ‘Adding Evidence’ in P2 Commander

Now load the Evidence Disk Image that you have downloaded earlier. Click ‘Add Evidence’ -> Choose ‘Image File’ -> ‘Auto-detect Image’
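
The acquisition step described above, as an added example that is not part of the original article: a shell function that runs dd with the same options and then checks the image against the source by hash. It uses SHA-256 through sha256sum rather than the MD5 options of the Windows command; the function names, file names and the constructed stand-in file are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: image a source with dd, then prove the copy matches by hash.
# SRC would be the write-blocked evidence device (/dev/hda in the article);
# the demo below uses a constructed stand-in file instead.

# Print only the SHA-256 digest of a file or device; fail if hashing fails.
hash_of() {
    out=$(sha256sum "$1") || return 1
    printf '%s\n' "${out%% *}"
}

# acquire_image SRC DST -> 0 if image and source hashes match, 1 if they
# differ, 2 if hashing or dd itself failed.
acquire_image() {
    src=$1; dst=$2
    src_hash=$(hash_of "$src") || return 2

    # Options from the article's command: 512-byte blocks, continue past
    # read errors (noerror), zero-pad short or failed reads (sync) so that
    # offsets in the image still line up with offsets on the disk.
    dd if="$src" of="$dst" bs=512 conv=noerror,sync 2>"$dst.dd.log" || return 2

    img_hash=$(hash_of "$dst") || return 2
    # Keep the digest beside the image so it can be re-checked later.
    printf '%s  %s\n' "$img_hash" "$(basename "$dst")" > "$dst.sha256"
    chmod a-w "$dst" "$dst.sha256"    # working copy stays read-only

    [ "$src_hash" = "$img_hash" ] || return 1
}

# Demo on constructed data: a 1 MiB stand-in "disk" (2048 sectors of 512 bytes).
demo() {
    work=$(mktemp -d) || return 2
    head -c 1048576 /dev/urandom > "$work/evidence.raw"
    acquire_image "$work/evidence.raw" "$work/copy1.dd"; rc=$?
    # Re-verify from the recorded digest, as done before each analysis session.
    if [ "$rc" -eq 0 ]; then
        (cd "$work" && sha256sum -c copy1.dd.sha256 >/dev/null) || rc=1
    fi
    rm -rf "$work"
    return "$rc"
}

demo && echo "image verified against source"
```

On a regular file whose size is not a multiple of 512 bytes, sync pads the final block, so the image is longer than the source and the function reports a mismatch; a whole disk is always a whole number of sectors.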