I have an assignment I am working on in a class that I am stumped with. I don't use linux enough to know how to complete this and its an extra credit deal via a virtual machine.
Scenario
Recently Gary Thatcher our senior system administrator, came across a thumb drive attached to an employee's system. According to the employee, the thumb drive was attached without their consent and they are unsure of the origin of said drive. The drive was passed to Ione Leventis one of our security analysts. Ione has attached the drive to our sheep-dip system which in our case is the Security-Desk machine. However, Ione was called away on other matters and you are now entrusted with the task. According to current company policy the thumb drive must be inspected for any malicious agents that could threaten DAS Web's overall security. Your job is to create a forensically sound duplicate image of the thumb drive using dd so it can be examined without the risk of inadvertently modifying potential evidence. SHA512 hashes should also be taken and compared between the original thumb drive which is already attached, but not mounted, to the system and the forensic image.
I have been able to create the directory, and I can make an image of the file. I don't know how to incorporate the hash part in the dd command if that is possible, and then how to compare them. Any help would be greatly appreciated. I HAVE to use the dd command. I cannot use dcfldd or anything else. Thanks in advance!
Scenario
Recently Gary Thatcher our senior system administrator, came across a thumb drive attached to an employee's system. According to the employee, the thumb drive was attached without their consent and they are unsure of the origin of said drive. The drive was passed to Ione Leventis one of our security analysts. Ione has attached the drive to our sheep-dip system which in our case is the Security-Desk machine. However, Ione was called away on other matters and you are now entrusted with the task. According to current company policy the thumb drive must be inspected for any malicious agents that could threaten DAS Web's overall security. Your job is to create a forensically sound duplicate image of the thumb drive using dd so it can be examined without the risk of inadvertently modifying potential evidence. SHA512 hashes should also be taken and compared between the original thumb drive which is already attached, but not mounted, to the system and the forensic image.
I have been able to create the directory, and I can make an image of the file. I don't know how to incorporate the hash part in the dd command if that is possible, and then how to compare them. Any help would be greatly appreciated. I HAVE to use the dd command. I cannot use dcfldd or anything else. Thanks in advance!