Ex1 – Forensic mode – md5

    • #17437
      techguy
      Participant

      Hello,
      Just tried the suggestion about Forensic mode and doing the md5 of two hard drives that I have on my virtual machine, one is installed with an OS and the other is an empty formatted disk.

      first boot:
      # md5sum /dev/sdb1 ====> gave a number
      second boot:
      # md5sum /dev/sdb1 ====> gave the same number

      Just added a new directory, as simple as that, no warnings (no security implemented – IMHO, it should warn you before adding, changing or deleting anything, if not available):
      third boot:
      # md5sum /dev/sdb1 ====> gave a totally different number

      Be extremely careful when working in forensic mode!!!

      • This topic was modified 4 weeks ago by techguy.
    • #17440
      techguy
      Participant

      Forgot to add the practical exercise:

      root@kali:~# md5sum /dev/sdb1
      9b8edbdcdfd42c48f7410af79b3723f4 /dev/sdb1 <— original number, even after rebooting a few times
      root@kali:~# md5sum /dev/sdb1
      1252d5f2d8bda5f73c23ca5b72330981 /dev/sdb1 <— new number after adding a new empty directory
      root@kali:~# md5sum /dev/sdb1
      7c8fea9eef024759ff3882137637294d /dev/sdb1 <— again new number after deleting my traces, i.e. the previously added directory
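
An added example, not part of techguy's posts: a hash-before/hash-after check around a read-only examination, which guards against the change shown in this thread. Function names and paths are hypothetical; `examine_readonly` needs root and assumes an ext3/ext4 partition, and `demo` uses a constructed scratch file in place of /dev/sdb1.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. Function names and paths are hypothetical.
HASH=${HASH:-md5sum}    # md5sum as in the thread; sha256sum is a drop-in

# Record "digest  path" for a device or image before touching it.
record_baseline() {     # usage: record_baseline <device-or-image> <manifest>
    "$HASH" -- "$1" > "$2"
}

# Re-hash and compare with the manifest; non-zero exit on any difference.
verify_unchanged() {    # usage: verify_unchanged <manifest>
    "$HASH" --check --quiet -- "$1" 2>/dev/null
}

# Mount a partition so that neither the user nor the kernel can write to it.
# Needs root. Assumes ext3/ext4 ("noload" skips journal replay on mount).
examine_readonly() {    # usage: examine_readonly <partition> <mountpoint>
    blockdev --setro "$1" || return 1
    [ "$(blockdev --getro "$1")" = 1 ] || return 1
    mount -o ro,noload "$1" "$2"
}

# Full sequence: hash, examine read-only, unmount, hash again.
examine_and_verify() {  # usage: examine_and_verify <partition> <mountpoint> <manifest>
    record_baseline "$1" "$3" || return 1
    examine_readonly "$1" "$2" || return 1
    ls -la "$2"         # stand-in for the actual examination
    umount "$2" || return 1
    verify_unchanged "$3"
}

# Constructed demo (no root): a scratch file stands in for /dev/sdb1 and a
# one-byte write stands in for the mkdir. Succeeds if the change is detected.
demo() {
    d=$(mktemp -d) || return 1
    head -c 65536 /dev/zero > "$d/disk.img"
    record_baseline "$d/disk.img" "$d/baseline.sum"
    verify_unchanged "$d/baseline.sum" || { rm -rf "$d"; return 2; }
    printf 'x' | dd of="$d/disk.img" bs=1 seek=1024 conv=notrunc 2>/dev/null
    verify_unchanged "$d/baseline.sum"; rc=$?
    rm -rf "$d"
    [ "$rc" -ne 0 ]
}
```

The manifest stores the path exactly as it was passed to `record_baseline`, so use absolute paths or run `verify_unchanged` from the same directory.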
