Forensics
When coming across encrypted files you may have a need to see what key was used to encrypt the file. Although this does not help you decrypt the file, it can possibly provide a small piece of a much larger story. The easy way is to use gpg -vv followed by your file name. E.g. gpg
Before using a drive to copy forensic data onto it you should make certain the drive is completely free of past data. You can accomplish this by using the following command in your favourite variety of Linux (make 100% certain you are zeroing out the right drive before running this command, as it overwrites every block of the target device): dd if=/dev/zero of=/dev/sdX
The following examples are for theoretical use in a pinch. There are better methods when collecting live data from a computer. Also, it is better to use cryptcat rather than netcat. - nighthawk
dd is a very handy shell command for writing raw data blocks from one place to another. Since it can read directly from
A typical scenario for creating a bit-image of a running server is an incident response situation where a critical server may or may not have been compromised or otherwise tampered with and needs to be thoroughly examined, but a server shutdown procedure cannot be justified. For the purposes of this technical tip, we’ll assume a
Examining the secrets of the MBR