Lab Instructions

In this lab you will create a bootable USB drive containing either the CAINE or Kali Linux distro.

Note: Those using Macs can install the distro in a virtual machine and then allow the guest OS access to USB. An external USB device can then be used as the drive to conduct the lab. For this exercise a forensics distro is not necessary, as the tools used exist on most Linux distros and are available for Mac OS X.

There are several programs available to create bootable USB drives for different operating systems. Some of the most popular are Rufus, WinUSB, and UNetbootin. A USB drive of at least 32G is recommended.

1. After creating the bootable CAINE or Kali USB, boot up the system.

2. After determining the appropriate command, examine what partitions exist on your hard drive and record them. Note: Even if you only have one volume (program and data drive) on your system, there is also typically at least a recovery partition.

3. Obtain an MD5 or SHA1 hash of each existing partition and record it. In the following steps it is advisable to use the smallest existing partition.

4. Using either dd or dc3dd, whichever is available on your distro, obtain an image of any of the partitions. Take a screenshot depicting the before and after hashes.

5. Submit a write-up of what tool was used in creating the bootable USB, what operating system exists on the computer used for partition examination, and the obtained hashes (including the screenshots), indicating whether they are MD5 or SHA1, in a single Word document named “pack-week1-lab.docx”.
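The hash, image, re-hash sequence from steps 3 and 4, as an added example that is not part of the original lab handout. The function names and the constructed stand-in file are assumptions; on the lab system the source would be the partition device identified in step 2, read as root.

```bash
#!/usr/bin/env bash
# Added example: hash a source, image it with dd, and confirm the hashes agree.
# Function names and the stand-in "partition" file are assumptions for the demo.

# hash_of FILE [TOOL] -> prints only the hex digest (TOOL: sha1sum or md5sum)
hash_of() {
    "${2:-sha1sum}" "$1" | awk '{print $1}'
}

# image_and_verify SRC DEST [TOOL]
# Prints the before/after/image digests; returns 0 only if all three match,
# 1 on a mismatch, 2 if the source is unreadable or dd fails.
image_and_verify() {
    local src=$1 dest=$2 tool=${3:-sha1sum}
    local before after image

    [ -r "$src" ] || return 2
    before=$(hash_of "$src" "$tool")
    # No conv=sync: padding a short final block would change the image hash.
    dd if="$src" of="$dest" bs=1048576 2>/dev/null || return 2
    after=$(hash_of "$src" "$tool")
    image=$(hash_of "$dest" "$tool")

    printf '%s before: %s\n' "$tool" "$before"
    printf '%s after:  %s\n' "$tool" "$after"
    printf '%s image:  %s\n' "$tool" "$image"

    [ "$before" = "$after" ] && [ "$before" = "$image" ]
}

# Demo on a constructed file (3 MiB + 100 bytes of random data) standing in
# for a partition, so the final dd block is deliberately a short one.
demo() {
    local work rc
    work=$(mktemp -d) || return 2
    head -c 3145828 /dev/urandom > "$work/fake_partition.bin"
    image_and_verify "$work/fake_partition.bin" "$work/partition.img" sha1sum
    rc=$?
    rm -rf "$work"
    return $rc
}

demo
```

A "before" and "after" hash of the source that differ mean the source changed during imaging; an image hash that differs from both means the copy is not a faithful one.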
