ISSC 457 Week 3 Interactive Lab



ISSC 457 Week 3 Interactive Lab

Week 3 Interactive Lab: Hardware/Software Setup Required

dd for Windows (available at

Any distribution of Linux. For this exercise, we are using Knoppix 5.1Live CD available at

Problem Description

When investigating a computer-related crime, you should never work directly with the information stored in the computer hard disk (or any other storage medium). Instead, you should perform a bit-stream copy of the disk and analyze the data using this forensic copy. In this exercise, you are asked to create a forensic copy (image) of a flash drive connected to a Windows-based computer using the dd command. Then, you will need to mount the acquired image on a Linux box and explore the content of the flash drive.

Estimated completion time: 1 hour


Report the steps you need to perform these tasks.