
Backtrack 4 R2 Digital Forensics DCFLDD

Uploaded by on Mar 16, 2011

In this video I use the dcfldd application to copy a partition of one hard drive to an image file on another hard drive in Backtrack 4 R2. This program was created by the DOD Computer Forensics Lab as a tool for data acquisitions. One thing to note: be sure you set the "if" and "of" correctly, because if they are reversed you will wipe your drive. I also make an MD5 hash of the original file and of the copied file to verify the accuracy of the copied image. This application can be run from the terminal; however, the tool is located by clicking the Start Menu--Backtrack--Digital Forensics--Image Acquiring--DCFLDD. For more information visit http://lecturesnippets.com
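
The acquisition and verification steps described above, as an added shell example that is not taken from the video: it refuses argument combinations that look like a swapped "if"/"of", copies the source, then compares MD5 hashes of the source and the image. The function names are hypothetical, a constructed file stands in for an unmounted partition such as /dev/hda1, and `dd` is used as a fallback when dcfldd is not installed.

```shell
#!/usr/bin/env bash
# Added example (not from the video): guarded imaging plus MD5 verification.

md5_of() { md5sum < "$1" | cut -d' ' -f1; }

# Reject argument combinations that suggest if= and of= were swapped.
check_args() {
    src=$1; dst=$2
    if [ ! -r "$src" ]; then echo "source not readable: $src" >&2; return 1; fi
    if [ -b "$dst" ]; then echo "refusing: output is a block device: $dst" >&2; return 1; fi
    if [ -e "$dst" ]; then echo "refusing: output already exists: $dst" >&2; return 1; fi
    # A mounted source can change while it is read, so the hashes would differ.
    if [ -b "$src" ] && awk -v s="$src" '$1 == s { f = 1 } END { exit !f }' /proc/mounts; then
        echo "refusing: source is mounted: $src" >&2; return 1
    fi
}

# Hash the source and the image independently, print both, and compare.
verify_image() {
    src_md5=$(md5_of "$1"); img_md5=$(md5_of "$2")
    echo "$src_md5  $1"; echo "$img_md5  $2"
    [ "$src_md5" = "$img_md5" ]
}

# acquire SOURCE IMAGE: copy SOURCE to a new file IMAGE, then verify it.
acquire() {
    check_args "$1" "$2" || return 1
    tool=dd   # assumption: fall back to dd when dcfldd is not installed
    if command -v dcfldd >/dev/null 2>&1; then tool=dcfldd; fi
    "$tool" if="$1" of="$2" bs=4096 2>/dev/null || return 1
    verify_image "$1" "$2"
}

# Demo on a constructed 1 MiB file standing in for an unmounted partition.
demo_dir=$(mktemp -d)
dd if=/dev/urandom of="$demo_dir/partition.bin" bs=1024 count=1024 2>/dev/null
acquire "$demo_dir/partition.bin" "$demo_dir/image.dd" && echo "MD5 match: image verified"
rm -rf "$demo_dir"
```

On a real acquisition the first argument would be the unmounted source partition and the second a new file on a different drive.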


Uploader Comments (lecturesnippets)

  • 2 questions: 1) the /dev/hda1 partition is unmounted before running this command, right?

    2) When you booted Backtrack 4, at the GRUB menu, which mode did you start from?

  • @MasterO2

    1) yes, it is not mounted when I run the command.

    2) it should not matter if you boot to the default mode or forensics mode, they both should work. Use forensics if you want to keep the disk from changing at all when you boot up Backtrack.

  • Thanks!!

    At last something new!! It is rare to find these kinds of videos, most videos on YouTube are always about the same topic (cracking WEP, metasploit, nmap etc...) 5/5

  • @Screenfreezer - Thanks for the comment. Let me know if there are any tools you need to see. I plan on covering most all of them starting with the Forensics Tools.


All Comments (8)

  • if u r running a live cd (u say that on another video), where does the 20GB get stored?

    And if they are stored on the drive itself, can this somehow corrupt the data in it ?

  • In regard to drives encrypted using Truecrypt in place, without using DOD 5220.22-M. How difficult is it for a forensic data lab to use a tool like this to view previous unencrypted info?

  • @Screenfreezer Amen brother....

  • This is a great video. Thanks!
