{
    "id": "c1b134fb-613e-36ad-945b-f1fd291ab15b",
    "name": "Image Acquisition (EWF Tools)",
    "slug": "image-acquisition-ewf-tools",
    "status": "published",
    "lab_type": "pta",
    "is_sample": false,
    "duration_in_seconds": 1800,
    "metadata": {
        "courses": [
            "8d8f1728-bbf5-30ec-9e35-82b748bf966a",
            "3d7f1791-32b6-4f1a-9c77-929d58737a98"
        ],
        "pta_sdn": "1797",
        "pta_namespace": "attackdefenselabs",
        "learning_paths": [],
        "has_published_parent": true
    },
    "session": null,
    "company": "a491bc32-c056-4946-9169-cc053387bada",
    "created": "2022-03-17T11:44:17.689798Z",
    "modified": "2023-12-08T19:42:19.206017Z",
    "is_beta": false,
    "lab_objectives": [],
    "main_learning_area": "3e1aa06f-2e9f-4789-b50d-aa027ad8dcfa",
    "learning_areas": [
        {
            "id": "3e1aa06f-2e9f-4789-b50d-aa027ad8dcfa",
            "name": "Cyber Security",
            "slug": "cyber-security"
        }
    ],
    "categories": [
        {
            "id": "94b65232-279b-4f35-8754-80f47bbe42d3",
            "name": "Basics"
        },
        {
            "id": "fd38d8ac-242a-4c0d-8c3d-2191bddc6f20",
            "name": "Disk Forensics"
        }
    ],
    "tags": [],
    "difficulty": "novice",
    "is_web_access": false,
    "is_lab_experience": false,
    "is_featured": false,
    "cve": null,
    "severity": null,
    "year": null,
    "external_url": "",
    "solution_video": "4d462b9a-b299-3bd4-bfb2-b935290ebfa4",
    "explanation_video": null,
    "description": "Image acquisition involves making a copy (or several copies) of the seized hard disk which can be then used to forensics analysis. This allows the investigators to analyze this image while ensuring the integrity and present condition of the real evidence disk.\n\n  \nIn this lab, the evidence hard disk is mounted on \u2018/dev/sdc\u2019. The [**ewf-tools**](https://github.com/libyal/libewf) are installed on the lab machine. The tool uses the Expert Witness Compression Format (EWF).\u00a0\n\n  \n**Objective:** Create a disk image for evidence hard disk using ewf-tools tools.",
    "description_html": "<p>Image acquisition involves making a copy (or several copies) of the seized hard disk which can be then used to forensics analysis. This allows the investigators to analyze this image while ensuring the integrity and present condition of the real evidence disk.</p>\n<p>In this lab, the evidence hard disk is mounted on \u2018/dev/sdc\u2019. The <a href=\"https://github.com/libyal/libewf\"><strong>ewf-tools</strong></a> are installed on the lab machine. The tool uses the Expert Witness Compression Format (EWF).\u00a0</p>\n<p><strong>Objective:</strong> Create a disk image for evidence hard disk using ewf-tools tools.</p>",
    "tasks": "",
    "tasks_html": "",
    "published_date": "2022-05-13T17:21:30Z",
    "solutions": "The solution for this lab can be found in the following manual:\n        <a href=\"https://assets.ine.com/labs/ad-manuals/walkthrough-1797.pdf\" target=\"blank\">https://assets.ine.com/labs/ad-manuals/walkthrough-1797.pdf</a>",
    "solutions_html": "<p>The solution for this lab can be found in the following manual:\n        <a href=\"https://assets.ine.com/labs/ad-manuals/walkthrough-1797.pdf\" target=\"blank\">https://assets.ine.com/labs/ad-manuals/walkthrough-1797.pdf</a></p>",
    "flags": [],
    "min_points_to_pass": null,
    "access_type": "default",
    "user_status": "unstarted",
    "user_lab_status": null,
    "user_status_modified": null,
    "user_flags": [],
    "global_running_session": null
}