Imaging with Linux

Chapter 2, Forensic Fundamentals, contained an overview of the various forensic tools available to the incident response analyst. Some of these tools include Linux distributions that can be leveraged during an incident for various digital forensic tasks. The following example will demonstrate how a Linux distribution with forensics applications can be deployed to capture a forensically sound image of a potentially compromised computer.

The combination of a Linux distribution and a bootable USB device is an option for conducting forensic imaging of potentially compromised systems. Incident response analysts may find themselves in a situation where multiple systems need to be imaged and the analysts has only one write-blocker. ...

Get Digital Forensics and Incident Response now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.