Imaging Tools-Week 5: Imaging Tools (Required/Graded)
There are different tools that can be used to take images of disks. In Linux, the dd or dc3dd commands can be run from the terminal to make a bit-by-bit copy of the data. Even if the system is running Windows, an incident responder can boot it from a Live DVD or from a Linux operating system running off a USB drive and run dd. A responder who chooses that route needs a firm grasp of how Linux names disk devices. In this week's lab we will be using FTK Imager, a Graphical User Interface (GUI) tool, to take an image of a system. Let's use this discussion as an opportunity to look at some of the Linux terminal utilities available for disk imaging.
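A worked example of the terminal route described above, written for this post and not taken from the course materials or from the dd project: it images a constructed sample "disk" with dd, hashes the stream as it is acquired, verifies the written image, and shows why a source that is not a whole number of sectors breaks that verification under conv=sync. The paths are assumptions; dd, tee and sha256sum (or shasum) are assumed to be installed.

```shell
#!/bin/sh
# Added example (not part of the course page): acquire a bit-for-bit image
# with dd while hashing the stream, then verify the image against the
# hash. Paths are assumptions; the "disk" is a constructed sample file.

# SHA-256 of stdin, using GNU sha256sum or BSD/macOS shasum.
sha256_stdin() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum | awk '{print $1}'
    else shasum -a 256 | awk '{print $1}'; fi
}

# image_and_verify SRC IMG
#   bs=512            one disk sector per block
#   conv=noerror,sync keep going past unreadable sectors and zero-fill
#                     them, so later sectors keep their original offsets
#   tee               one copy of the stream to IMG, one to the hasher, so
#                     the acquisition hash covers exactly the bytes read
#   IMG.log           dd's record counts, kept as part of the record
# Prints MATCH (exit 0) only if the acquisition hash, the image hash and
# a re-read of the source all agree; otherwise MISMATCH (exit 1).
image_and_verify() {
    src="$1"; img="$2"
    dd if="$src" bs=512 conv=noerror,sync 2>"$img.log" \
        | tee "$img" | sha256_stdin >"$img.sha256"
    acq_hash=$(cat "$img.sha256")
    img_hash=$(sha256_stdin <"$img")
    src_hash=$(sha256_stdin <"$src")
    if [ "$acq_hash" = "$img_hash" ] && [ "$img_hash" = "$src_hash" ]; then
        echo MATCH; return 0
    fi
    echo MISMATCH; return 1
}

# Constructed sample "disk": $1 = path, $2 = size in bytes, zero-filled
# with a marker string planted in sector 2.
make_sample_disk() {
    head -c "$2" /dev/zero >"$1"
    printf 'EVIDENCE-MARKER' | dd of="$1" bs=512 seek=2 conv=notrunc 2>/dev/null
}

tmp=$(mktemp -d)
make_sample_disk "$tmp/sdb" 4096      # 8 whole sectors: image == source
image_and_verify "$tmp/sdb" "$tmp/sdb.dd"
# A source that is not a whole number of sectors shows the conv=sync
# caveat: the last block is padded, so the image is larger than the
# source and the hashes cannot agree. Real block devices are aligned.
make_sample_disk "$tmp/odd" 4100
image_and_verify "$tmp/odd" "$tmp/odd.dd" || true
```

The .sha256 and .log files written beside the image are what you would keep with the evidence; the dd log for the 4100-byte case shows "8+1 records in" against "9+0 records out", which is the padding in action.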
Discuss the benefits this tool has and explain how it could be relevant to a forensics investigation.
Some examples of tools on Kali or Linux commands you can discuss include (you can use any tool on the Kali MARS VM): dd, dc3dd, dcfldd, ddrescue, ewfacquire, guymager and affcat.
If someone on your Forensics team has already picked one of the above tools, pick a different Kali Linux tool from MARS.
Please provide:
- how this tool would be useful in a forensic investigation.
- an APA formatted reference for your post.