Forensic Friday - Hashing a Suspect Drive in Linux #dfir #socanalyst #incidentresponse

Attack404
This video goes through the process of how to hash a disk drive that you have acquired for analysis. The commands we use are as follows:
sudo systemctl stop udisks2.service (Stop the system from auto-mounting and potentially writing data to the suspect disk(s))

::attach the disk::
sudo fdisk -l (to list the disks we have available, in our case mmc)
We can also run fdisk with a filter: sudo fdisk -l | grep -i "filter"
Running fdisk with egrep filters: sudo fdisk -l | egrep -i "filter1|filter2|filter2"

sudo md5sum /dev/mmcblk0 (This will print the hash to the terminal)
By adding a greater-than symbol (>) after the command, you can redirect the output to a file for your own records!
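
The hash-and-record step above, as an added example that is not from the video or its author: it refuses to hash a source that is currently mounted, appends the digest to a record file, and goes one step further than the description by re-checking the source against that record later. The helper names (is_mounted, hash_source, record_hash, verify_hash) are hypothetical, and the demo runs on a constructed temporary file standing in for the device.

```shell
#!/bin/sh
# Added example. Helper names are hypothetical; paths are assumed to contain no whitespace.

# True if the device or one of its partitions is listed as a mount source.
is_mounted() {
    [ -r /proc/mounts ] || return 1
    awk -v d="$1" 'index($1, d) == 1 { hit = 1 } END { exit !hit }' /proc/mounts
}

# Print only the MD5 digest (md5sum is the tool used on the page).
hash_source() {
    md5sum "$1" | awk '{ print $1 }'
}

# record_hash SOURCE RECORD_FILE: append "digest  source  UTC-time", print the digest.
record_hash() {
    src=$1; out=$2
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    if is_mounted "$src"; then
        echo "refusing to hash $src: it is mounted" >&2
        return 2
    fi
    digest=$(hash_source "$src")
    [ -n "$digest" ] || return 1
    printf '%s  %s  %s\n' "$digest" "$src" "$(date -u +%Y-%m-%dT%H:%M:%SZ)" >> "$out"
    echo "$digest"
}

# verify_hash SOURCE RECORD_FILE: succeed only if the current digest equals the last recorded one.
verify_hash() {
    src=$1; rec=$2
    recorded=$(awk -v s="$src" '$2 == s { h = $1 } END { print h }' "$rec")
    [ -n "$recorded" ] && [ "$(hash_source "$src")" = "$recorded" ]
}

# Demo on a constructed stand-in file; on a real case SOURCE would be the device, e.g. /dev/mmcblk0.
demo() {
    img=$(mktemp); log=$(mktemp)
    printf 'constructed sample evidence\n' > "$img"
    record_hash "$img" "$log" > /dev/null
    verify_hash "$img" "$log" && echo "match"
    printf 'x' >> "$img"    # simulate a write to the evidence
    verify_hash "$img" "$log" || echo "MISMATCH: contents changed since the hash was recorded"
    rm -f "$img" "$log"
}
demo
```

Reading a raw device such as /dev/mmcblk0 needs root, so on a real case the functions would be run from a root shell or the md5sum call prefixed with sudo as in the description.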

#forensicscience #dfir #digitalforensics #linuxforensics #terminal #cybersecurity #socanalyst
Published a month ago, on 1403/04/01.