Comments

Pages

Friday, 26 October 2012

Linux Tools for Digital Forensic

Posted by at 20:04 Read our previous post
Here is common tools are used for digital forensic in Linux,

# DD

The DD tool is used for clone the device like hard-drive. DD will clone the device look like the original device. If the size of device is 500GB so the result of clone is 500GB too.
The command for DD clone :
# dd if=/dev/sda of=/tmp/forensic
if : input file
of: output file

# FDISK

Fdisk commonly used for hard drive partition. In digital forensic, you can use fdisk for craving information in the device.
# fdisk -ul /path/of/clonning/device

# MD5SUM

MD5SUM usually used for getting hash of device or file. With md5sum, you can keep the integrity of your digital evidence.
The command for md5sum :
# md5sum file_or_device

# XDD

XDD used for getting the byte offset. Using XDD is easily to get the offset of file.
The command is :
# xxd clone_images
Posted by shinigami at
Labels: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)
©2012 SECURITY is powered by Blogger - Template designed by Stramaxon - Best SEO Template