In this chapter, we've looked at two tools readily available in Kali Linux for the acquisition of digital evidence. It's very important to be able to tell your devices apart, using the fdisk -l command, so that you acquire a forensically exact copy (image) of the correct evidence device. For forensic analysis, bitstream copies of the evidence are needed, as these provide an exact bit-by-bit copy of the evidence, which is why we used DC3DD and Guymager.
First, we used DC3DD, an enhanced version of the dd (data dump) tool, and from the Terminal performed several tasks: device imaging, hashing, splitting of image files, and file verification. Although DC3DD is a command-line program, its options closely follow those of dd, making it fairly easy to learn and use.
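As an added example (not code from the book), the script below walks through the verification side of the acquisition workflow just summarised: hash the source, make a bit-for-bit copy, hash the copy, compare; split the image into pieces and reassemble them before verifying; and show that a single altered byte in a copy is caught by the hash comparison. A constructed file generated with seq stands in for the evidence device, and plain dd stands in for DC3DD, so the script runs offline; the DC3DD invocations in the comments are the form the chapter describes and are assumptions taken from dc3dd's usage text, not run here.

```shell
#!/bin/sh
# Added example: hash-verify a bitstream image, including split/reassembled
# pieces and a tampered copy. A constructed digit file replaces the device.
#
# The real acquisition the chapter describes would be (assumed dc3dd syntax,
# not executed here):
#   dc3dd if=/dev/sdb hof=evidence.dd hash=sha256 log=evidence.log
#   dc3dd if=/dev/sdb ofs=evidence.000 ofsz=1G hash=sha256 log=evidence.log

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed "evidence": the numbers 1..20000, one per line (~108 KB).
# Deterministic content lets the tamper test pick a byte that must change.
make_sample() {
    seq 1 20000 > "$WORK/source.bin"
    echo "$WORK/source.bin"
}

# SHA-256 hex digest of a file (the value dc3dd would write to its log).
hash_file() {
    sha256sum "$1" | awk '{print $1}'
}

# Compare an image's hash with the recorded source hash.
# Prints MATCH (exit 0) or MISMATCH (exit 1).
verify_image() {
    expected=$1
    image=$2
    actual=$(hash_file "$image")
    if [ "$actual" = "$expected" ]; then
        echo MATCH
        return 0
    fi
    echo MISMATCH
    return 1
}

# Bit-for-bit copy of the source (dd stands in for dc3dd), then verify.
image_and_verify() {
    src=$1
    img="$WORK/evidence.dd"
    dd if="$src" of="$img" bs=4096 2>/dev/null
    verify_image "$(hash_file "$src")" "$img"
}

# Split the source into 16 KiB pieces (piece.aa, piece.ab, ...), join them
# in order, and verify the reassembled image against the source hash.
split_and_verify() {
    src=$1
    split -b 16384 "$src" "$WORK/piece."
    cat "$WORK"/piece.* > "$WORK/reassembled.dd"
    verify_image "$(hash_file "$src")" "$WORK/reassembled.dd"
}

# Overwrite one byte of a copy with 'X' (a byte that never occurs in the
# digit-only sample) and confirm the hash comparison reports MISMATCH.
tamper_check() {
    src=$1
    bad="$WORK/tampered.dd"
    cp "$src" "$bad"
    printf 'X' | dd of="$bad" bs=1 seek=100 conv=notrunc 2>/dev/null
    verify_image "$(hash_file "$src")" "$bad"
}

SAMPLE=$(make_sample)
echo "source sha256: $(hash_file "$SAMPLE")"
echo "imaging:       $(image_and_verify "$SAMPLE")"
echo "split/rejoin:  $(split_and_verify "$SAMPLE")"
echo "tampered copy: $(tamper_check "$SAMPLE")"
```

The point to carry over to real acquisitions is that the hash of the source device is recorded at imaging time, and every later copy (whole image, reassembled split pieces, working copies) is checked against that recorded value rather than against each other.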
Our second tool, Guymager, has built-in case-management abilities and many functional similarities to DC3DD, but it is a GUI tool and may be easier to use.
Both tools deliver accurate and forensically sound results...