## Information

Make sure to clone the hard drive before doing any forensics!

Video: https://www.makeuseof.com/tag/2-methods-to-clone-your-linux-hard-drive/ and https://www.youtube.com/watch?v=cCNzl2x5Gdk

To retrieve information from a hard drive, there are 2 possibilities:

- Retrieval of a lost partition (Autopsy [Tool]([[Red Team/Others/Hardware/HardDrive/Tools]]))
  - Trying to recover the whole partition (directory tree and file names)

- File carving (GHex (view) & PhotoRec (find docs) [Tool]([[Red Team/Others/Hardware/HardDrive/Tools]]))
  - Scanning all the hexadecimal data of the drive and searching for documents (by fingerprint)