Irregular Expressions

Sep 26 2010   10:54PM GMT

Creating sound disk images

Dan O'Connor Dan O'Connor Profile: Dan O'Connor

What does that mean?

Creating an image that is going to have all of the information that you are going to need and persevering as much of that information as possible.

First capture a snap shot of the memory of the target, there is a lot of tools out there to do this. I prefer mdd.  If you can do that, that is great you can use tools like the volatility frame work to do your analisys. ( )

Once you have the memory take an image of the target disk, pull the power if you can or do the old hold the power button down for 3 seconds. Why? We want to capture everything possible, doing a shutdown will let what ever is on there clean up.

Use a tool like dd to capture the disk image, you want to make sure what ever you use will capture the slack space on the disk.  Just incase something is hiding in there.

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: