Sunday, 25 March 2012


FORENSIC ANALYSIS


Here we start: we will analyze a file named practical.floppy.dd.

After that we clone the file with the command below.
 We create a directory named evid.
 We create a directory named analysa, but in a different place, on the flash drive.
 To see the partition type we use the following command.
We can redirect the output of this command to a file for later use by issuing the command below.
Here we use the flash drive (/mnt/result/) as the input file and write an output file (of) called image.disk1 in the current directory (/root/evid/).
To give all users read-only access, you can type the following command.

Then we make another duplicate, with image.disk1 as the input and the flash drive as the output.
To look at the image we have to mount it using the loop interface, and to choose where we will view it we add the mount point (/mnt/analysis) on our flash drive.
Below we can see the result of the mount above.
After that you can see the type below.
Here, to make sure whether our analysis file has been changed or not, we can check with this command.
The following command stores the checksum shown above into sha.disk1.
To look for evidence, the checksums of all the files are stored in ~/evid/sha.filelist.
To view the contents of sha.filelist you can type the following command.
To verify that nothing has been changed on the original floppy, you can use the command below.
Below is the same as above, only with a different file.
To view the contents of the analysis directory, use the following command.
The command below works the same as above, but it shows all hidden files (-a) and gives the list in long format to identify permissions, dates, etc. (-l).
You can also use the -R option to list recursively through directories.
Below is still the same, but with the -i and -u options added: -i includes the inode number, and -u makes the output include and sort by access time.
There is also the tree command, which prints a recursive listing that is more visual. It indents the entries by directory depth and colorizes the filenames.
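The steps above (image the medium with dd, make the copy read-only, record its hash, mount it read-only over the loop device, hash every file inside, and re-verify later) as an added shell example. This is not the post's own command listing: the function names are mine, the file names (evid, image.disk1, sha.disk1, sha.filelist) follow the post, and the "floppy" used by demo() is a constructed file so that everything except the loop mount runs without root.

```shell
#!/bin/sh
# Added example, not from the original post: the imaging-and-verification steps
# described above, written as shell functions around dd, sha1sum, mount and find.
# Assumptions: file names follow the post; the floppy in demo() is constructed.

# Copy SRC to DST sector by sector. conv=noerror,sync keeps reading past bad
# sectors and zero-pads them so the image stays the same size as the source;
# chmod 444 then removes write permission for everyone (the post's read-only step).
image_source() {
    dd if="$1" of="$2" bs=512 conv=noerror,sync 2>/dev/null || return 1
    chmod 444 "$2"
}

# Write the SHA-1 of FILE to OUT in sha1sum's "HASH  NAME" format (the post's sha.disk1).
record_hash() {
    sha1sum "$1" > "$2"
}

# Re-check a recorded hash file; 0 when the file still matches, non-zero otherwise.
verify_hash() {
    sha1sum -c "$1" > /dev/null 2>&1
}

# Compare two files by content alone (source medium against its image).
same_content() {
    [ "$(sha1sum < "$1")" = "$(sha1sum < "$2")" ]
}

# Mount IMG read-only on MNT through the loop device, hash every file inside it
# into OUT (the post's sha.filelist) and keep a long listing with inode numbers
# and access times (ls -ailuR) next to it. Needs root and a real filesystem image.
hash_mounted_files() {
    mount -o ro,loop,noexec "$1" "$2" || return 1
    find "$2" -type f -exec sha1sum {} \; > "$3"
    ls -ailuR "$2" > "$3.listing"
    umount "$2"
}

# Demo on a constructed 2880-sector (1.44 MB) image; prints the work directory.
demo() {
    work="$(mktemp -d)"
    mkdir -p "$work/evid"
    floppy="$work/practical.floppy.dd"
    # constructed sample: zeroed sectors with a marker string at the start
    dd if=/dev/zero of="$floppy" bs=512 count=2880 2>/dev/null
    printf 'CONSTRUCTED SAMPLE' | dd of="$floppy" conv=notrunc 2>/dev/null
    image_source "$floppy" "$work/evid/image.disk1"
    same_content "$floppy" "$work/evid/image.disk1" || { echo "image differs from source"; return 1; }
    record_hash "$work/evid/image.disk1" "$work/evid/sha.disk1"
    verify_hash "$work/evid/sha.disk1" && echo "image.disk1 unchanged since imaging"
    echo "$work"
}

case "${1:-}" in demo) demo ;; esac
```

Run it as `sh imaging.sh demo` to see the constructed image created, hashed and re-verified. The mount flags in hash_mounted_files are the part that matters for the analysis copy: ro stops the mounted filesystem from ever being written (which would also update access times and break the recorded hashes), and noexec stops anything on the evidence from being run by accident; the same flags are what the post's loop mount of /mnt/analysis needs.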
