In this section, you learn how to make an image of a larger drive and apply the Split function in ProDiscover Basic to create segmented files of 650 MB each that can be archived to CDs.
Before acquiring data directly from a suspect drive with ProDiscover Basic, always use a hardware write-blocker device. Because USB drives are typically small, a single image file can be acquired with no need to segment it. ProDiscover automates many acquisition functions, unlike current Linux tools. In Chapter 2, you learned how to acquire an image of a USB drive.
Exercise 3 - Capturing an Image with ProDiscover Basic
Exercise 2 - Acquiring Data with dd in Linux
Follow these steps to make an image of an NTFS disk on a FAT32 disk by using the dd command.
For information on Mac OS X file systems and acquisitions, see Chapter 7. You can download this driver from, where you can also find information about NTFS and instructions for installing the driver. Linux kernel version 2.6.17.7 and earlier can format and read only the FAT file system, although an NTFS driver, NTFS-3G, is available that allows Linux to mount and write data only to NTFS partitions.
Pace University New York ProDiscover Basic Security & Company Activities Lab Report. Computer Science, Pace University New York.
Current Linux distributions can create Microsoft File Allocation Table (FAT) and New Technology File System (NTFS) partition tables. The Linux OS has many tools you can use to modify non-Linux file systems.
Using ProDiscover’s Proprietary Acquisition Format
Exercise 1 - Preparing a Target Drive for Acquisition in Linux
ProDiscover investigator is designed to capture data from the computer of.
Capturing an Image with ProDiscover Basic
Start ProDiscover Basic, and in the main window, click Tools, Copy Disk from.
Preparing a Target Drive for Acquisition in Linux
ProDiscover Basic, FINALeMAIL, Sawmill-GroupWise, DBXtract, Fookes Aid4Mail and MailBag Assistant, Paraben E-Mail Examiner.
The Sleuth Kit is an open source digital forensics toolkit that can be used to perform in-depth analysis of various file systems.
It features all the basic IT forensic capabilities full disk. ProDiscover Basic is a simple digital forensic investigation tool that has tools for images, analysis, and reports on evidence found on drives.
The Data Acquisition module provides you with the instructions and devices to develop your hands-on skills in the following topics:
The product combines features for computer forensics with tools for complete incident response.