
Techpository

A Better Technical Repository


Forensics

Forensics: Erase/Zero out a drive

Before using a drive to copy forensic data onto it, you should make certain the drive is completely free of past data. You can accomplish this with the following command in your favourite variety of Linux (make 100% certain you are zeroing out the right drive before running this command):

dd if=/dev/zero of=/dev/sdX

Forensics: Using DD Over Netcat vs SSH

The following examples are for theoretical use in a pinch. There are better methods when collecting live data from a computer. Also, it is better to use cryptcat rather than netcat. - nighthawk

dd is a very handy shell command for writing raw data blocks from one place to another. Since it can read directly from

Forensics: How to create a bitstream image of a live server

A typical scenario for creating a bit-for-bit image of a running server is an incident response situation where a critical server may or may not have been compromised or otherwise tampered with and needs to be thoroughly examined, but a server shutdown procedure cannot be justified. For the purposes of this technical tip, we'll assume a