- Windows Forensics Cookbook
- Oleg Skulkin Scar de Courcier
- 218字
- 2021-07-02 20:57:45
How to do it...
The steps for drive acquisition in RAW format using dc3dd are as follows:
- Open Windows Command Prompt, change directory (you can use cd command to do it) to the one with dc3dd.exe, and type the following command:
dc3dd.exe if=\\.\PHYSICALDRIVE2 of=X:\147-2017.dd hash=sha256
log=X:\147-2017.log
- Press Enter and the acquisition process will start.
Of course, your command will be a bit different, so let's find out what each part of it means:
- if - stands for input file. Originally, dd was a Linux utility, and in case you didn't know, everything is a file in Linux. As you can see in our command, we put the physical drive 2 here (this is the drive we wanted to image, but in your case it may be another drive, depending on the number of drives connected to your workstation).
- of - stands for output file. Here, you should type the destination of your image in RAW format. In our case, it's X:\ drive and 147-2017.dd file.
- hash - as has already been said, DC3DD supports four hashing algorithms: MD5, SHA-1, SHA-256, and SHA-512. We chose SHA-256, but you can choose whichever one you like.
- log - here, you should type the destination for the logs. You will find the image version, image hash, and so on in this file once acquisition is completed.
推薦閱讀
- 多媒體CAI課件設計與制作導論(第二版)
- 自制編譯器
- 樂高機器人設計技巧:EV3結構設計與編程指導
- 老“碼”識途
- Hands-On GPU:Accelerated Computer Vision with OpenCV and CUDA
- Oracle JDeveloper 11gR2 Cookbook
- C# and .NET Core Test Driven Development
- Visual Studio Code 權威指南
- Serverless Web Applications with React and Firebase
- Learning Python Data Visualization
- Mastering HTML5 Forms
- 你真的會寫代碼嗎
- Monitoring Docker
- MySQL從入門到精通
- Learning jqPlot