Hello,
Does anyone know if it is possible to get a physical image of a device over WiFi, or do you actually need a physical connection to the device to access the raw data?
The reason I'm asking is that we've been asked to look at the range of WiFi card readers and hard drives on the market, and to see if we can image a device plugged into one.
I'm not sure it's possible. We've had success carrying out a logical copy of data on the WiFi devices, but so far haven't been able to carry out a physical image.
I'm using command-line dc3dd to mount and image the devices for imaging.
Thanks for your help,
Mark
Does anyone know if it is possible to get a physical image of a device over WiFi, or do you actually need a physical connection to the device to access the raw data?
That would depend on what kind of software that acts as the connection between the network and the disk, wouldn't it?
I mean, consider iSCSI. It doesn't care what kind of physical network you're connecting over, as long as you have a TCP connection. If you're using ATA-over-IP … well, the name says what you can expect.
The reason I'm asking is that we've been asked to look at the range of WiFi card readers and hard drives on the market, and to see if we can image a device plugged into one.
That sounds more like a question of what these units actually support. You have to read the documentation or talk to the manufacturer for that. Or, perhaps also, what platform and device drivers you're using.
If all the units offer is SAMBA/CIFS, for example, then that's what you get.
I'm not sure it's possible.
I also think it is not possible unless the device has been explicitly and intentionally provided with the feature by the manufacturer or is modified to have it.
As I see it the device needs to run - simple or minimal as it might be - an OS of some kind, capable of connecting through a network protocol to other devices on the Wi-Fi, and this would most probably be a firmware, possibly flashable.
But the base functions of this hypothetical mini-OS would only be those of - at boot - expose the device to the WiFi connection and there would be no real reason to expose the PhysicalDrive, it will be needed to modify the firmware (if possible) to use the "mini-OS" to access the data.
Only seemingly OT, a few years ago it was quite common a network disk by LaCie that ran a Linux that could be modified to have different or (more) functions
http//
Loosely, the thingy is to all effects like a "router" running its own OS, just like you can flash *whatever* on a router, you can flash to the wi-fi hard disk or card reader, point is whether an alternate firmware for the thingy exists or you will have to write your own or modify the existing one.
So you should IMHO go "backwards", find models for which alternate firmwares exist, and see if they provide this functionality or if however the method to workaround the (typically implemented by the manufacturer) authentication methods for the firmware have been published.
jaclaz
I'm not sure it's possible.
Mobile Edit Forensic can do it.
I'm not sure it's possible.
Mobile Edit Forensic can do it.
For *any* Wi-Fi connected storage device? 😯
Could you post some details on how this is achieved? ?
jaclaz
I would not expect a problem with WiFi, except for speed.
I would not expect a problem with WiFi, except for speed.
As well, do you care to explain how to access the RAW device through Wi-Fi?
jaclaz
I second Jaclaz… how do you access the RAW device over WiFi?
Connect via internal network and/or VPN using remote control software. Run the imager on the remote (source) computer, with the image destination being a local (target) IP-mounted drive via an old LAN Manager command, such as "net use k \\192.168.0.11\c$"
Connect via internal network and/or VPN using remote control software. Run the imager on the remote (source) computer, with the image destination being a local (target) IP-mounted drive via an old LAN Manager command, such as "net use k \\192.168.0.11\c$"
Well, this assumes a "subset" of devices, namely a device that runs an OS (or firmware) and that is accessible through a remote control software of some kind, besides having access to a network drive.
jaclaz