forensic case study article

"The Role of Computer Forensics in Stopping Executive Fraud" is a very interesting case study article. It illustrates various forensic concepts and techniques, built around what the author says is a very real case involving corporate fraud.

I found especially interesting some of the actual Linux command lines they used to both wipe and image data.

# > dd if=/dev/urandom of=/dev/hda
This fills a hard drive with random numbers; it can and should be repeated a number of times to sanitize a drive. dd is native to Linux.

# > dd if=/dev/hda of=/mnt/image.dd
This command copies an image of one drive to another.

# > md5sum /dev/hd
Calculates a checksum for the drive. Md5sum is native to Linux.

# > md5sum /mnt/image.dd
Calculates a checksum for the image to verify that it is the same as the drive.
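
The image-then-verify steps above can be combined into one check that fails when the digests differ. This is an added example, not code from the original article: the function names are hypothetical, a constructed sample file stands in for /dev/hda, and SHA-256 is computed alongside MD5 because MD5 is collision-prone.

```shell
#!/bin/sh
# Added example: image a source and verify the copy by hash.

hash_of() {
    # $1 = hashing tool (md5sum or sha256sum), $2 = path; prints only the digest
    "$1" "$2" | awk '{print $1}'
}

verify_image() {
    # $1 = source, $2 = image. Returns 0 only if every digest matches.
    src=$1; img=$2
    for tool in md5sum sha256sum; do
        s=$(hash_of "$tool" "$src")
        i=$(hash_of "$tool" "$img")
        # Keep this output with the case notes as the record of verification.
        echo "$tool source=$s image=$i"
        # An empty digest means the tool failed to read the source: treat as mismatch.
        [ -n "$s" ] && [ "$s" = "$i" ] || return 1
    done
    return 0
}

image_and_verify() {
    # $1 = source (a device such as /dev/hda in the article), $2 = image file
    dd if="$1" of="$2" bs=65536 2>/dev/null || return 2
    verify_image "$1" "$2"
}

# Demo on constructed data: a 1 MiB file of random bytes plays the drive.
demo_dir=$(mktemp -d)
head -c 1048576 /dev/urandom > "$demo_dir/source.bin"
if image_and_verify "$demo_dir/source.bin" "$demo_dir/image.dd"; then
    echo "image verified"
else
    echo "image does NOT match source"
fi
rm -rf "$demo_dir"
```

Re-running `verify_image` against the stored image later shows whether the image still matches the digests recorded at acquisition time.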