Need a summary report using the Word document that I have provided. I have also attached a PDF for reference.


Linux Forensics Imaging

Setting Up the Evidence Drive

Steps
1. Access resources via the Lab Resources folder on the desktop of the VM.
   a) Shortcuts to applications such as Terminal are placed in the Applications folder.
   b) A link to download project-related files is located in the Projects folder.
2. From the Projects folder, double-click the Download Project Resources shortcut to take you to the DFC 620 or CST 640 Project Resources page. Download the "LD2-Step1.dd" and "FlashDrive.img" files under Project 2.
3. Confirm that the project files illustrated below have been successfully downloaded in the Downloads folder.
4. Launch the Terminal application from the Applications menu. Locate and click the Terminal icon from the applications menu to open a new Terminal window.
5. Simulate inserting a flash drive using the following commands in Terminal:
   a) To attach the flash drive image "FlashDrive.img" to a loopback device, type:
      sudo losetup --find --show -P ~/Downloads/FlashDrive.img
      Note: This will make the device available. It does not mount the device; it only "attaches" it. The --find switch just tells the command to choose the first loopback, so the first time you run it, the device will be /dev/loop0, and the next time, /dev/loop1.
   b) If prompted for a password, type Cyb3rl@b.
   c) To list loopback devices allocated (for verification purposes), type:
      losetup -l
      (where the "l" is a lowercase L)
   d) To show loopback and partition in /dev, type:
      ls -l /dev/loop0
6. Mounting the USB Device
   a. Use the gnome-disks command from Terminal to launch the disk utility. Type:
      gnome-disks
8. Launch a new Terminal window if one isn't already open.
   a. Note: Locate and open Terminal from the Applications menu if no Terminal window is already open.
9. Determine the device location assigned to the flash drive:
   a. Type the following command in Terminal:
      sudo mount
   b. If prompted for a password, enter Cyb3rl@b.
      Note: You won't get any feedback from Terminal when entering a password.
   c. Now, look at the first section of the line containing the name of the examination flash drive, "FlashDrive.img." In this case, look for the following line: "/dev/loop0". Your results may look different.
   d. You can also use the following command to filter through the multiple lines of text produced by the mount command:
      mount | grep /dev/loop
10. Zero out the clusters on your flash drive:
   a. This step writes zeroes to all memory locations on the flash drive.
      i. If prompted for a password, enter Cyb3rl@b.
12. Next, simulate removing the flash drive from the VM.
   a. Unmount the 1.5 MB Volume by first using the gnome-disks command in Terminal to open the disk utility. Type:
      gnome-disks
   b. Click on the stop button highlighted in the picture above to unmount the volume (make sure that you click to highlight the 1.5 MB Loop Device before doing this).
13. To destroy loop devices and simulate unplugging a flash drive, type the following command:
      sudo losetup -D
    To verify that no loop devices are connected to the VM before continuing, type:
      sudo losetup -l

Static Imaging and Verification (Linux)

Steps
1. Simulate plugging in a flash drive without mounting any volume with the following commands:
   a. Attach the flash drive image "FlashDrive.img" to the loopback device by typing the following command:
      sudo losetup --find --show -P ~/Downloads/FlashDrive.img
   b. To list loopback devices allocated for verification purposes, type:
      losetup -l
   c. To show loopback and partition in /dev, type:
      ls -l /dev/loop0
   d. To verify that no device is automounted, type:
      mount | grep /dev/loop
      (Results: Nothing should be listed in window)
2. Now, create a forensic copy of the flash drive with the following command:
      sudo dd if=/dev/loop0 of=forensic_copy_LD2-Step1.dd bs=1024
3. Check the hash value of the forensic copy and compare to the hash of original image file ("LD2-Step1.dd").
   Note: If the hashes don't match, repeat these steps. (The two hashes might match for this exercise. If this happens, you may continue).
      sudo sha1sum forensic_copy_LD2-Step1.dd /dev/loop0

Reached the end of the lab. Close all applications, exit the virtual lab, and ensure that you compile findings and incorporate them into your final deliverable for submission.
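The static imaging and verification steps above, as an added example (not part of the lab handout or the posted answer): a shell function that copies a source with dd at the lab's bs=1024, hashes source and copy with sha1sum, and returns a distinct status on mismatch. The helper names, the log file name and the zero-filled sample file are assumptions; in the lab the source would be /dev/loop0 and the commands would run under sudo.

```shell
#!/bin/sh
# Added example: image a source with dd, then verify the copy by SHA-1.
# image_and_verify / verify_existing are hypothetical helper names.

# Print only the hex SHA-1 digest of a file or device.
sha1_of() {
    sha1sum "$1" | awk '{print $1}'
}

# image_and_verify SRC DST [LOG]
# Returns 0 on matching hashes, 1 on mismatch, 2 on usage or imaging error.
image_and_verify() {
    src=$1; dst=$2; log=${3:-"$dst.sha1.log"}
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 2; }
    # Never overwrite an existing image file.
    [ -e "$dst" ] && { echo "$dst already exists" >&2; return 2; }

    # Same block size as the lab's dd command.
    dd if="$src" of="$dst" bs=1024 2>/dev/null || return 2
    chmod a-w "$dst"    # drop write permission on the copy

    src_hash=$(sha1_of "$src")
    dst_hash=$(sha1_of "$dst")
    # Keep both digests alongside the image for the report.
    printf '%s  %s\n%s  %s\n' "$src_hash" "$src" "$dst_hash" "$dst" > "$log"

    if [ "$src_hash" = "$dst_hash" ]; then
        echo "MATCH $src_hash"
        return 0
    fi
    echo "MISMATCH source=$src_hash copy=$dst_hash" >&2
    return 1
}

# Re-check an existing copy against its source; exit status 0 means equal.
verify_existing() {
    [ "$(sha1_of "$1")" = "$(sha1_of "$2")" ]
}

# Constructed sample input: a zero-filled 1536 KiB file standing in for
# /dev/loop0 (in the lab, the attached FlashDrive.img).
demo_dir=$(mktemp -d)
dd if=/dev/zero of="$demo_dir/source.img" bs=1024 count=1536 2>/dev/null
image_and_verify "$demo_dir/source.img" "$demo_dir/forensic_copy.dd"
```

Attaching the image with losetup's --read-only option keeps the source from being modified while it is imaged and hashed.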
Answered Same Day, Mar 01, 2022

Aneshteja answered on Mar 02 2022
109 Votes
USB drive using Linux
Summary:
· In this USB drive using Linux, we are using 2 steps to identify the Evidence of Drive and the Imaging and Verification (Verify) in Linux Operating System. In this lab we are using some resources to find out the evidence. First of all, we need to access the files using the Linux terminal; the file names are FlashDrive.img and LD2-step1.dd. These 2 files we need to download and store in the Downloads folder. Open the new terminal from the source files and attach the FlashDrive.img to a Look...