Chapter 5: Evidence Acquisition and Preservation with dc3dd and Guymager

In the previous chapter, we learned that documentation and proper procedures are key in any investigation. They ensure the integrity of the investigation by providing proof of data authenticity and by preserving the original evidence and documentation, so that the exact same results can be achieved if the same tools and methods are used again.

In this chapter, we will demonstrate forensically sound techniques for the acquisition of data using bitstream copies, including creating data hashes, in keeping with best practices.

In this chapter, we will cover the following topics:

  • Device identification in Linux
  • Creating MD5 and SHA hashes
  • Using dc3dd for data acquisition ...

Get Digital Forensics with Kali Linux - Second Edition now with the O’Reilly learning platform.