ISSC 457 Week 3 Interactive Lab
Week 3 Interactive Lab: Hardware/Software Setup Required
dd for Windows (available at http://www.chrysocddome.net/dd)
Any distribution of Linux. For this exercise, we are using Knoppix 5.1Live CD available at http://www.knoppix.net/.
When investigating a computer-related crime, you should never work directly with the information stored in the computer hard disk (or any other storage medium). Instead, you should perform a bit-stream copy of the disk and analyze the data using this forensic copy. In this exercise, you are asked to create a forensic copy (image) of a flash drive connected to a Windows-based computer using the dd command. Then, you will need to mount the acquired image on a Linux box and explore the content of the flash drive.
Estimated completion time: 1 hour
Report the steps you need to perform these tasks.