For this portion, normally we would physically acquire the data from the USB device using a forensic workstation which would have a forensically prepared hard drive to store acquired data, but we simulate those steps for simplicity here. The workstation would also have a write protect device to connect the suspects USB device, but we will again simulate it for simplicity, by pretending and mentioning that we are using a Tableau hardware based USB write blocking device.

To ensure that no data has been modified during the acquisition procedure, describe the process for creating MD5 hash calculations before and after as before.txt and after.txt. Be sure to include the full command with all of the options you would use for DCFLDD or DD, assuming the USB device (source) is /dev/sdb and the forensic copy (output) would be stored as /dev/sdc1/suspect.dd.

Create an examination report, approximately a paragraph in length, that describes the steps taken to acquire the USB device including MD5 hash calculations and acquiring the device using DCFLDD or DD.

You can enter a simple paragraph format or whatever format that you feel appropriate. Ensure that it has the following items:

[2 points] Item #

[2 points] Mention usage of write-protect device

[5 points] Complete DCFLDD or DD command used to acquire

[1 points] Mention that the MD5 hash calculation before and after matched