Questions tagged [disk-image]

Questions involving files that contain a byte-for-byte copy of a storage medium such as a USB stick or a hard disk drive.

17 questions
6 votes, 2 answers

Is it possible to take an image of the firmware of HDD and SSD?

I suspect that both my HDD and SSD may be infected. Is it possible to take an image of the firmware? How do I go about doing it?
6 votes, 1 answer

Integrity of LIVE forensic evidences (e.g. memory dump)

I'm wondering how I can prove the integrity of computer forensic evidence which was obtained from a running machine (e.g. a memory image). As soon as I do anything with that box, connect a pendrive for example, I alter the registry hives in the…
2 votes, 2 answers

Can I safely disable and re-enable Secure Boot when Bitlocker is used in order to make a Forensic Image?

I am about to make a forensic image (using dc3dd from OSFClone) of two laptops and in this specific case I'd like to start up using a bootable USB stick with OSFClone and image the disk to an external disk. The laptops (HP ProBooks) in this case…
Bob Ortiz
2 votes, 1 answer

How to do a forensic MBR hex dump?

I took a hex dump of the first 512 bytes of the OS disk using the dd command. What kind of information can be extracted from that, and what tools or commands (Linux) can be used for analysis? I copied the bytes (MBR sector) from my Ubuntu OS using the following command: dc3dd…
uma
2 votes, 1 answer

What options are there to clone or image a disk to an encrypted drive?

To ensure that cloned or image disks remain secure and are not accessible by others, there is a requirement to have these stored on encrypted drives. When attempting to use tools such as Macrium Reflect, Acronis, O&O Software, there doesn't appear…
Motivated
2 votes, 1 answer

Integrity of an SSD forensic image

Is there any solution to validate the integrity of an SSD image? As far as I know, in the case of SSDs, low-level disk maintenance such as wear leveling is performed inside the drive in order to maximize its lifetime regardless of the use of a write…
1 vote, 0 answers

How is PlayStation (4/5) protected from disk-copying piracy?

It just doesn't make any sense to me. Any owner of an original PS game disk has full access to it, so it shouldn't be a problem to create an identical disk, isn't it? And PS won't be able to tell apart identical disks, will it?
kandi
1 vote, 2 answers

Clonezilla for forensic disk image

I was wondering if it's reasonable and forensically correct to use Clonezilla for the image of an attacked machine. Since some of the commercial products are very expensive I'm turning to open source solutions. Provided that: is an offline copy…
1 vote, 1 answer

Can M.2 docking stations be used to make forensic images of (Bitlocker encrypted) M.2 disks?

I am looking into M.2 docking stations such as the Maiwo K3016S as shown below. Is it possible to use such docking stations optionally in combination with a USB- or software write-blocker, in order to make forensic images of (Bitlocker encrypted)…
Bob Ortiz
1 vote, 0 answers

How long would traces of a disk wipe be visible?

If a user on a normal everyday-use computer wiped the unallocated space on a hard disk drive, how long would it take before analysis of the unallocated space would yield no evidence of a disk wipe? Let's say that there is 100 MB of disk writes per day…
1 vote, 0 answers

OSX: Momentary appearance of a .dmg modal, when opening an image

I had a situation that struck me as odd. I opened an image which I had downloaded via browser save-as. After the finder/OS initiated the file-open, a modal dialog momentarily flashed, typical to when a .dmg file is being opened. This went…
New Alexandria
0 votes, 0 answers

Wiping a large hard drive efficiently but securely step by step

I want to sell my old 4TB Hard Drive. Of course I want no one to steal my data. Overwriting the whole drive with zeros with dd if=/dev/zero of=/dev/sda would take about 18h. But I cannot reboot my PC for 18 hours because I think dd always starts…
dfsg76
0 votes, 1 answer

Is it safe to extract files from a potentially infected disk

I have a hard drive used for years, there are Windows and many personal files on it. What I called "files" are images, music, documents (pdf or docx), but not programs. All the "files" were not initially infected. As I said in the title, the hard…
Tindera
0 votes, 0 answers

Destroying data on storage drives via overwrite methods really doesn't work?

I'm going to sell a computer hard drive on the Internet, it's a 500GB SATA hard drive, I really used it 3 or 2 years ago, I never used it again, I used about 20 or 40% of the space. I have read about various tools and used Hardwipe, first I deleted…
Julián
0 votes, 3 answers

Why, after dd'ing an ISO file to an entire USB flash device, does only the first partition match the ISO checksum?

I use dd to "burn" an ISO file to USB stick: dd bs=4M if=/mnt/media/ISO/Fedora-Workstation-Live-x86_64-31-1.9.iso of=/dev/sdd conv=fdatasync status=progress Now I can see several partitions have been created: sdd 8:48 1 1.9G 0 disk…
Alex