Forensic Friday - Disabling Automount in Ubuntu Linux

Attack404
In forensics, one of the most important things we need to ensure is that we are not inadvertently writing data to suspect drives before imaging them. In this short, we look at how to disable auto-mounting so that nothing is unintentionally written to the suspect disk.

Commands:
sudo systemctl stop udisks2.service (stop the service)
sudo systemctl start udisks2.service (start the service again)

sudo fdisk -l (list the disks without any filtering)
sudo fdisk -l | grep -i "nvme" (list all NVMe drives in Linux)
sudo fdisk -l | grep -i "mmc" (list all SD/MMC cards)
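
An added example (not from the video or its author): a pre-imaging check in POSIX shell that reads the kernel mount table, reports any partition of the suspect disk that is currently mounted, and says whether udisks2 is active. The device names and the sample mount table are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-imaging check. Function names are hypothetical.

# Print "<device> <mountpoint> <ro|rw>" for each mounted partition of a disk.
# $1 = whole-disk node (e.g. /dev/sdb), $2 = mount table (default: live table)
mounted_parts() {
    awk -v disk="$1" '
        $1 == disk || $1 ~ ("^" disk "p?[0-9]+$") {
            n = split($4, opts, ",")      # 4th field holds the mount options
            mode = "rw"
            for (i = 1; i <= n; i++) if (opts[i] == "ro") mode = "ro"
            print $1, $2, mode
        }' "${2:-/proc/self/mounts}"
}

# Return 0 only when no partition of the disk is mounted at all.
safe_to_image() {
    hits=$(mounted_parts "$1" "$2")
    if [ -n "$hits" ]; then
        echo "NOT SAFE: $1 has mounted partitions:" >&2
        echo "$hits" >&2
        return 1
    fi
    return 0
}

# True when systemd reports udisks2.service as active.
udisks_running() {
    command -v systemctl >/dev/null 2>&1 &&
        systemctl is-active --quiet udisks2.service
}

# Constructed sample table (not from a real system): sdb1 was automounted rw.
sample_mounts() {
cat <<'EOF'
/dev/nvme0n1p2 / ext4 rw,relatime 0 0
/dev/sdb1 /media/user/EVIDENCE vfat rw,nosuid,nodev,relatime 0 0
/dev/sdc1 /mnt/ro ext4 ro,relatime 0 0
EOF
}

# Demo against the constructed table; omit the file argument on a live system.
tmp=$(mktemp) && sample_mounts > "$tmp"
mounted_parts /dev/sdb "$tmp"
if udisks_running; then echo "udisks2 is active: automount is possible" >&2; fi
rm -f "$tmp"
```

Run the check again immediately before starting the imaging tool, since the mount state can change after the disk is attached.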



!!!FOR REFERENCE PURPOSES ONLY, DO NOT USE THESE DURING ACTIVE FORENSICS!!!:
sudo mount /dev/block /folder/suspect (mounts a device "block" to a folder called suspect)
sudo eject /folder/suspect (ejects a mounted disk from the system)


#forensics #computerforensics #diskforensics  #digitalforensics #dfir
Published 2 months ago, on 1403/03/04.
Viewed 111 times