Friday, 24 May 2013
Linux commands for computer forensics
1. dd - command used to copy from an input file or device to an output file or device.
syntax : dd if=[source] of=[destination] bs=[block size] (optional)
2. hdparm - command to get information about the evidence hard disk.
syntax : hdparm [ flags ] [device]
3. sfdisk and fdisk - commands to determine the disk structure.
syntax :
sfdisk [options] device
sfdisk -s [partition]
4. md5sum and sha1sum - create and store an MD5 or SHA-1 hash of a file or list of files (including devices).
syntax :
md5sum [OPTION] [FILE]...
md5sum [OPTION] --check [FILE]
sha1sum [OPTION] [FILE]...
sha1sum [OPTION] --check [FILE]
5. mount - mount a file system.
syntax :
mount [-lhV]
mount -a [-fFnrsvw] [-t vfstype] [-O optlist]
mount [-fnrsvw] [-o options [,...]] device | dir
mount [-fnrsvw] [-t vfstype] [-o options] device dir
6. etc..
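The following added example (not part of the original post) chains dd, md5sum and sha1sum into one acquisition step: copy the source, confirm the copy hashes the same as the source, store the hashes, and re-check them later with --check. The function names acquire_image and verify_image, the 4096-byte block size and the sample file are assumptions made for the example.

```shell
#!/bin/sh
# Added example: image a source with dd, record hashes, verify with --check.
# acquire_image / verify_image are hypothetical helper names.

# acquire_image SOURCE IMAGE
# Returns 0 on success, 1 on I/O error, 2 if source and image hashes differ.
acquire_image() {
    src=$1; img=$2
    # Hash the source first so the reference value predates the copy.
    src_sha1=$(sha1sum < "$src" | cut -d' ' -f1) || return 1
    dd if="$src" of="$img" bs=4096 2>/dev/null || return 1
    img_sha1=$(sha1sum < "$img" | cut -d' ' -f1) || return 1
    [ "$src_sha1" = "$img_sha1" ] || return 2
    # Store the hashes next to the image, in the format --check reads back.
    ( cd "$(dirname "$img")" &&
      md5sum  "$(basename "$img")" > "$(basename "$img").md5" &&
      sha1sum "$(basename "$img")" > "$(basename "$img").sha1" )
}

# verify_image IMAGE
# Returns 0 only if the image still matches both stored hashes.
verify_image() {
    img=$1
    ( cd "$(dirname "$img")" &&
      md5sum  --check "$(basename "$img").md5"  >/dev/null 2>&1 &&
      sha1sum --check "$(basename "$img").sha1" >/dev/null 2>&1 )
}

# Demo on a constructed file standing in for an evidence device.
work=$(mktemp -d)
printf 'constructed sample sector %s\n' 1 2 3 4 > "$work/evidence.raw"
if acquire_image "$work/evidence.raw" "$work/evidence.dd" &&
   verify_image "$work/evidence.dd"; then
    echo "image verified: $work/evidence.dd"
else
    echo "acquisition or verification failed" >&2
fi
```

In a real acquisition SOURCE would be the evidence device or partition, which normally requires root to read.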