Difference between pages "How To Set Up a Disk Imaging Station" and "Windows Shadow Volumes"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
 
(External Links)
 
Line 1: Line 1:
=FreeBSD=
+
==Volume Shadow Copy Service==
This section describes how to set up a FreeBSD system as a disk imaging system.
+
Windows has included the Volume Shadow Copy Service in it's releases since Windows XP.  The Shadow Copy Service creates differential backups periodically to create restore points for the user.  Windows 7 Professional and Ultimate editions include tools to work with and manage the Volume Shadow Copy Service, including the ability to [[mount shadow volumes on disk images]].
  
==Install FreeBSD 6.2 on a new computer==
+
== Also see ==
 +
* [[Mount shadow volumes on disk images]]
  
# Boot the FreeBSD 6.2 CDROM
+
== External Links ==
# Hit return to boot the Default
+
* [http://computer-forensics.sans.org/blog/2010/03/16/shadow-timelines-and-other-shadowvolumecopy-digital-forensics-techniques-with-the-sleuthkit-on-windows/ Shadow Timelines And Other VolumeShadowCopy Digital Forensics Techniques with the Sleuthkit on Windows]
# Hit return to select "United States" (or chose your country)
+
* [http://computer-forensics.sans.org/blog/2008/10/10/shadow-forensics/ VISTA and Windows 7 Shadow Volume Forensics]
# Hit down-arrow and hit return to select "standard install"
+
* [http://forensic4cast.com/2010/04/19/into-the-shadows/ Into The Shadows]
 
+
* [http://code.google.com/p/libvshadow/ libvshadow project to read VSS Volumes]
Setting up the partition table:
+
* [http://justaskweg.com/?p=351 Getting Ready for a Shadow Volume Exam], by [[Jimmy Weg]], June 2012
 
+
* [http://justaskweg.com/?p=466 Mounting Shadow Volumes], by [[Jimmy Weg]], July 2012
# Enter to select "OK." If the geometry is incorrect, enter "OK" to accept.
+
* [http://justaskweg.com/?p=518 Examining the Shadow Volumes with X-Ways Forensics], by [[Jimmy Weg]] July 2012
# If there are any partitions, use the up and down arrows to select them and press "d" to delete them.
+
# press "a" to use All of the disk.
+
# press "q" to finish
+
# press the down arrow and hit Enter to select the Standard MBR (no boot manager)
+
 
+
Setting up the FreeBSD partitions:
+
# Press "enter" at the OK prompt.
+
# Press "a" for auto-defaults
+
# Press "q" to accept
+
 
+
Choosing what to install:
+
# Press the down arrow and Enter to select "all" software
+
# Press Enter at the "yes"
+
# Press the up arrow and press Enter to Exit
+
# Press Enter to select CD/DVD
+
# Press Enter to confirm
+
 
+
FreeBSD 6.2 will be installed. Now you need to configure it.
+
 
+
# Press Enter at the OK prompt when installation is complete.
+
# Press [Yes] Enter to configure an Ethernet address.
+
# Press [Ok] Enter to configure the first ethernet card.
+
# Press [No] Enter when asked if you want to configure an IPv6 interface.
+
# Press [Yes] Enter when asked if you want to configure with DHCP.
+
# Press [No] Enter when asked if you want to be a network gateway.
+
# Press [No] Enter when asked if you want to configure inetd.
+
# Press [No] Enter when asked if you want to enable SSH login.
+
# Press [No] Enter when asked if you want to have anonymous FTP.
+
# Press [No] Enter when asked if you want to configure the machine as an NFS server.
+
# Press [No] Enter when asked if you want to configure the machine as an NFS client.
+
# Press [No] Enter when asked if you want to customize the system console settings.
+
# Press [Yes] Enter when asked if you want to set the machine's time zone.
+
# Press [No] Enter when asked if the machine's system clock is in UTC.
+
# Select your region and press [OK] Enter
+
# Select your country and press [OK] Enter
+
# If you are in the US, Select your time zone and press [OK] Enter
+
# Press [Yes] Enter to confirm the time zone.
+
# Select [No] Enter when asked if you need Linux compatibility.
+
# Select [No] Enter when asked if you have a mouse (even if you have one).
+
# Select [No] Enter when asked if you wish to browse the ports collection.
+
# Select [No] Enter when asked if you wish to add any user accounts.
+
# Press [OK] Enter when told you will be setting the Root password
+
# Press [Enter] for the Root password; we will use no password.
+
# Press [Enter] to confirm the empty root password.
+
 
+
 
+
[[Category:HowTos]]
+

Revision as of 00:41, 31 July 2012

Volume Shadow Copy Service

Windows has included the Volume Shadow Copy Service in it's releases since Windows XP. The Shadow Copy Service creates differential backups periodically to create restore points for the user. Windows 7 Professional and Ultimate editions include tools to work with and manage the Volume Shadow Copy Service, including the ability to mount shadow volumes on disk images.

Also see

External Links