I am going to post the step by step instructions the instructor gave us for the

Question

I am going to post the step by step instructions the instructor gave us for the BackTrack disk.img.
Please note that this is one question I am asking help with......

1. Create a folder called [lastname]415final
1. All results will be saved in this folder
2. All steps must be documented with complete sentences and all commands must be copy
copy and pasted into a text file called commands.txt and saved into the same folder.
Please label them by step number. The complete sentences have to show why and what commands.
2. Create a forensic image of image.img (disk.img)
1. Create a hash of the original using md5sum, redirect it to a file md5.sums
2. Create a forensic image using dd, call the new copy forensicimage.img
3. Create a hash of the forensic image using md5sum, append it to md5.sums
4. Compare the two hashes to ensure data integrity (cat md5.sums)
5. Save md5.sums in your results folder
3. File Carving of image.img (disk.img)
1. Perform a file carve of disk.img using foremost
2. Click through and explore the output folder
3. Move the output folder to your results folder
4. Memory analysis of mem.img
1. Perform a scan of the memory image using volatility
2. Include at least the following commands and redirect output of the various commands
you run to individual text files: [command]mem.txt
* connections
* datetime
* dlllist
* modules
* pslist
3. Save all text files into your results folder

Explanation / Answer

Which part do you want help with?

Related Questions

Navigate

• Browse (All)
• Browse I
• Subjects

---

---

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.