| Steve Litt via plug on 25 Jun 2023 17:48:27 -0700 |
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
| Re: [PLUG] makeshift forensic copy with scp |
Michael Lazin via plug said on Sun, 25 Jun 2023 19:54:40 -0400 >I have a system that I found malware on and I want to examine it >locally. I connected to it with ssh as root, The generally accepted way to make a forensic copy is to boot a different OS, then dd the suspect hard disk to an image. Is there anyone with hands-on at the current location of the suspect hard disk who could do this? Thanks, SteveT Steve Litt Autumn 2022 featured book: Thriving in Tough Times http://www.troubleshooters.com/bookstore/thrive.htm ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug