A disk image is a virtual image of a storage device which functions like a actual physical drive. It is the first step in digital forensics. In other words you don't what to contaminate the evidence with your shit. This can also be used to recover a complete disk.
How to?
Windows:-
Note:-
The file created by Winimage has .vhd extension and the file created on Kali Linux has .dd extension. Similarly if you use other programs then the extension may vary. The only thing you need to keep in mind is that you should be sure of the extensions which your forensics tool supports.
How to?
Windows:-
- Download Winimage and install it.
- Run it with administrative privilege and now click OK.
- Now click on disk and then click on "create virtual hard disk image from physical drive".
- Now select your drive and click on OK and select the path of the directory in which you would like to save the disk image..
- Open a terminal and type fdisk -l and hit enter.
- Now note the drive name.
- Now type dcfldd if=drive name of=file.dd and hit enter.
- Now type ls and hit enter to see if the file is created or not.
Note:-
The file created by Winimage has .vhd extension and the file created on Kali Linux has .dd extension. Similarly if you use other programs then the extension may vary. The only thing you need to keep in mind is that you should be sure of the extensions which your forensics tool supports.
No comments :
Post a Comment