CAS Cybersecurity

Start
Reconnaissance
- Opensource Intelligence
Docker basics and Images
Scanning and Enumeration
Vulnerability Scanning and Analysis
Exploitation
Man in the Middle
- ARP Cache poisoning
- RDP MitM Exercise
Windows Hacking
- Throwback Network
  Entering the breach
  Exploring the caverns
  Webshells and you!
  First Contact
- WinAttack LAB
  Module 01
  Module 02
  Module 03
  Module 04
  Module 05
  Module 06
  Module 07
  Module 08
  Module 09
  Module 10
Web Application Security
- Burp Proxy Introduction
- DVWA
  DVWA Exercises 1
  DVWA Exercises 2
  DVWA Exercises 3
  DVWA Exercises 4
  DVWA Exercises 5
  DVWA Exercises 6
  DVWA Exercises 7
  DVWA Exercises 8
CTF and Crypto Exercises
Threat Intelligence
Forensic Exercises
Malware Analysis
Android Malware
Forensic Readiness
Live Response

Powered by GitBook

On this page

1. Introduction
2. Create Image with ewf-tools
3. Summary

Was this helpful?

Disk acquisition with ewftools

PreviousDisk acquisition with dcfldd NextDisk acquisition with FTK Imager

Last updated 2 years ago

1. Introduction

Image acquisition involves making a copy (or several copies) of the seized hard disk which can be then used to forensics analysis. This allows the investigators to analyze this image while ensuring the integrity and present condition of the real evidence disk.

In this lab, the evidence hard disk is mounted on ‘/dev/sdc’. The ewf-tools are installed on the lab machine. The tool uses the Expert Witness Compression Format (EWF).

2. Create Image with ewf-tools

First I’ll check if the disk is mounted on the filesystem

df -h

To prevent any failures during disk imaging, let’s unmount the disk first

umount /dev/sdc

Everything is prepared now to use ewfacquire to create a disk image

ewfacquire /dev/sdc

Further you can enter some more informations like Case Number, Description or Examiner name..

For all the other options I’ll leave the default values:

Let’s start the process:

To verify the disk image we can use the following command:

ewfinfo evidence.E01

3. Summary