Dic 31 2009
I wish you all the best for 2010!
I’ve been working in an article related to serving search warrants and I thought the following examples may be useful. They cover imaging, mounting imaged drives and calculating hashes for every file in a drive.
CASE_ID identifies the case, LOCATION_ID identifies the location where the media was seized, MEDIA_ID identifies the media device and PARTITION_ID identifies each partition into the media.
This is an example for dcfldd imaging. The command calculates the MD5 hash on the fly.
See here for options’ reference.
ubuntu@ubuntu:~$ date; sudo dcfldd if=/dev/sdc of=/media/disk/CASE_ID/LOCATION_ID/MEDIA_ID.dd conv=sync,noerror hashwindow=0 hashlog=MEDIA_ID_md5.txt; date
Thu Nov 16 13:18:22 UTC 2009
4883968 blocks (152624Mb) written.
4884090+1 records in
4884091+0 records out
Thu Nov 16 15:26:34 UTC 2009
Comentarios desactivados en image, mount, calculate hashes: examples