Scribd
Upload
84 views2 pages

Lab 4 Cyber Forensics

This document discusses using the DC3DD tool and Guymager to acquire disk images in a forensically-sound manner. It explains running DC3DD with options like "if" to specify the input device, "hash" for hashing algorithms, and "of" for the output file. It also shows verifying hashes of the original device with tools like md5sum and using Guymager to view acquired disk images.

Uploaded by

Dhananjay Chhabra
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
84 views2 pages

Lab 4 Cyber Forensics

This document discusses using the DC3DD tool and Guymager to acquire disk images in a forensically-sound manner. It explains running DC3DD with options like "if" to specify the input device, "hash" for hashing algorithms, and "of" for the output file. It also shows verifying hashes of the original device with tools like md5sum and using Guymager to view acquired disk images.

Uploaded by

Dhananjay Chhabra
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 2

Lab 4 : Acquisition of the Evidences with the use of DC3DD package and Guymager

fdisk -l

/dev/sda1(Partition No.)

S(SCSI - Small Computer System Interface)


D(Sriver)
A(DiskName)

/dev/sdb1

DC3DD (Department of Defence Cyber Crime Center Data Dump)

dc3dd [option 1] [option 2] . . . . . . . . [option n]

dc3dd if=/dev/sdb hash=md5 log=dc3dd_SSS of=test1.dd

dc3dd started at date and time


device size : blocks / Sector Size
bytes for Imaging Available
Bytes of Image that has been Made.

dc3dd COmpletion Time

ofsz - size of output file


ofs- outputfile with extension..

dc3dd if=/dev/sdb hash=md5 log=test1_fragment ofsz=1500M ofs=Test1.img.000

Test1.img.001
Test1.img.002
Test1.img.003
.
.
.
.
.
.
Test1.img.0010

if - Input File (Device of which we have to make the image/Acquisition)


Hash - Specify the Type of Hashing You want (md5)
log - contains the details of the imaging
of - is the output file (created by the DC3DD)

md5sum /dev/sdb
sha1sum /dev/sdb
sha256sum /dev/sdb
sudo guymager
password

You might also like