Drive Letter Assignments in Linux
GIAC Certified Forensic Examiner Objective:
Fundamental Digital Forensics
- The candidate will demonstrate an understanding of forensic methodology, key forensic concepts, identifying types of evidence on current Windows operating systems and be familiar with the structure and composition of modern Windows file systems.
Overview
This lab is part of a series of lab exercises intended to support courseware for Forensics training. The development of this document is funded by the Department of Labor (DOL) Trade Adjustment Assistance Community College and Career Training (TAACCCT) Grant No. TC-22525-11-60-A-48.
A forensics specialist is responsible for doing investigations of disks. You must know the internals of how disks function and work. Mechanical hard drives work different from solid state drives (SSD). Operating systems file systems have as the number of computers with SSDs continues to increase and the number of mechanical disks in use continues to decline. Thankfully, the file systems handle the details, but it is good for a forensics analyst to understand how each type of storage system works. It will help in the investigations of these drives because often someone can delete a file but a forensic investigator can still recover it. In this lab, you will learn how to partition and format disks in Linux.
OUTCOMES:
In this lab, you will learn to:
- Examine Linux Drive Letter Assignments and Mounting Drives
- Create Primary and Extended Partitions in Linux
- Format Disks in Linux and Utilizing the Storage