I already discussed some of this here some time ago, but to be more explicit…

• conv=sync,noerror

Don’t stop at errors, if there are errors, add zeros to the result so there are no “holes” left in the resulting image.

• hashwindow=0 hashlog=file.txt

Calculate hash on the fly for the whole operation to file.txt.

For all this and for optimal BS calculation, see here.

And to learn how to mount the result as a loopback device, see here.

Technorati: computer forensics, peritaje en informática, peritatge en informàtica

Tags: computer forensics, peritaje en informática, peritatge en informàtica

This morning I had an in-court computer forensics action: I had to clone in-court some disks we seized in a search warrant we served some days ago. Easy task: you just need some basic equipment and tools, proceed very carefully and be patient. I started the action with the drive that was the biggest and the one we knew contained most evidences.

I plugged it in… and it wasn’t detected. I double-checked the cabling and stuff: same thing, again and again…

I was turning white-faced and a cold sweat was running down my spine. Then I realized the stupid thing I was missing was…

Continue reading “Let it spin…”

Technorati: computer forensics, peritaje en informática, peritatge en informàtica

Tags: computer forensics, peritaje en informática, peritatge en informàtica