Phil shows you how to boot a physical USB drive in VirtualBox. This allows you to set up a response drive without tying up a physical machine for hours while you download packages.
Phil shows you what it looks like when you run the initial scan script from Chapter 02. Virtual machine tips and mounting known-good binaries are also covered.
Phil shows you how to build the Linux Memory Extractor (LiME), which is used for dumping RAM. Building LiME for a subject system whose kernel version matches the forensics workstation, and for one whose kernel version differs, are both covered.
Phil shows you how to make an image from a physical hard drive that has been removed from a subject system. Software write blocking with udev rules and hardware recommendations are covered in this video.
Phil shows you how to mount GUID Partition Table (GPT) based partitions automatically with Python. GPT partitions are reviewed as he walks you through this Python script.
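The script in the video is not reproduced here; the following is an added example, not Phil's code, showing the part of the job a Python script has to do before anything can be mounted: read the GPT header at LBA 1, verify the header and entry-array CRC32s, walk the 128-byte entries, and turn each partition's starting LBA into a byte offset for `mount -o ro,loop,offset=...`. The `build_sample_image()` helper constructs a small synthetic GPT (table only, no filesystem data) so the parser can be run offline; the partition layout, names and mount root `/media/case` in it are made-up values.

```python
import struct
import uuid
import zlib
from dataclasses import dataclass

SECTOR_SIZE = 512
GPT_SIGNATURE = b"EFI PART"
HEADER_FMT = "<8s4sIIIQQQQ16sQIII"   # 92-byte GPT header at LBA 1
ENTRY_FMT = "<16s16sQQQ72s"          # 128-byte partition entry
HEADER_LEN = struct.calcsize(HEADER_FMT)
ENTRY_LEN = struct.calcsize(ENTRY_FMT)

# Partition type GUIDs a Linux investigator meets most often.
KNOWN_TYPES = {
    "c12a7328-f81f-11d2-ba4b-00a0c93ec93b": "EFI System",
    "0fc63daf-8483-4772-8e79-3d69d8477de4": "Linux filesystem",
    "0657fd6d-a4ab-43c4-84e5-0933c84b4f4f": "Linux swap",
    "e6d6d379-f507-44c2-a23c-238f2a3df928": "Linux LVM",
}


@dataclass
class Partition:
    number: int
    type_guid: str
    type_name: str
    part_guid: str
    name: str
    first_lba: int
    last_lba: int
    offset: int   # byte offset of the partition inside the image
    size: int     # partition size in bytes


def parse_gpt(image: bytes, sector_size: int = SECTOR_SIZE) -> list[Partition]:
    """Parse the primary GPT of a raw disk image held in memory (or mmap)."""
    hdr_off = sector_size
    fields = struct.unpack(HEADER_FMT, image[hdr_off:hdr_off + HEADER_LEN])
    (sig, _rev, hdr_size, hdr_crc, _res, _cur_lba, _backup_lba, _first_usable,
     _last_usable, _disk_guid, entries_lba, n_entries, entry_size, entries_crc) = fields
    if sig != GPT_SIGNATURE:
        raise ValueError("no GPT signature at LBA 1")
    # Header CRC32 covers header_size bytes with the CRC field itself zeroed.
    raw = bytearray(image[hdr_off:hdr_off + hdr_size])
    raw[16:20] = b"\0\0\0\0"
    if zlib.crc32(bytes(raw)) != hdr_crc:
        raise ValueError("GPT header CRC mismatch (damaged or tampered table)")
    table_off = entries_lba * sector_size
    table = image[table_off:table_off + n_entries * entry_size]
    if zlib.crc32(table) != entries_crc:
        raise ValueError("GPT partition entry array CRC mismatch")
    parts = []
    for i in range(n_entries):
        entry = table[i * entry_size:i * entry_size + ENTRY_LEN]
        type_raw, guid_raw, first, last, _attrs, name_raw = struct.unpack(ENTRY_FMT, entry)
        if type_raw == b"\0" * 16:      # unused slot
            continue
        # GUIDs are stored in mixed-endian form; bytes_le handles the swap.
        type_guid = str(uuid.UUID(bytes_le=type_raw))
        parts.append(Partition(
            number=i + 1,
            type_guid=type_guid,
            type_name=KNOWN_TYPES.get(type_guid, "unknown"),
            part_guid=str(uuid.UUID(bytes_le=guid_raw)),
            name=name_raw.decode("utf-16-le").rstrip("\0"),
            first_lba=first,
            last_lba=last,
            offset=first * sector_size,
            size=(last - first + 1) * sector_size,
        ))
    return parts


def mount_commands(parts: list[Partition], image_path: str, mount_root: str = "/media/case") -> list[str]:
    """Read-only loop mounts, one per mountable partition (swap is skipped)."""
    return [
        f"mount -o ro,noatime,noexec,loop,offset={p.offset} {image_path} {mount_root}/part{p.number}"
        for p in parts if p.type_name != "Linux swap"
    ]


def build_sample_image() -> bytes:
    """Constructed sample: protective-MBR signature, GPT header, 128-entry table."""
    layout = [  # (type GUID, name, first LBA, last LBA); made-up values
        ("c12a7328-f81f-11d2-ba4b-00a0c93ec93b", "EFI", 2048, 1050623),
        ("0fc63daf-8483-4772-8e79-3d69d8477de4", "root", 1050624, 20000000),
        ("0657fd6d-a4ab-43c4-84e5-0933c84b4f4f", "swap", 20000001, 24000000),
    ]
    n_entries = 128
    table = bytearray(n_entries * ENTRY_LEN)
    for i, (tguid, name, first, last) in enumerate(layout):
        struct.pack_into(ENTRY_FMT, table, i * ENTRY_LEN,
                         uuid.UUID(tguid).bytes_le, uuid.UUID(int=i + 1).bytes_le,
                         first, last, 0, name.encode("utf-16-le").ljust(72, b"\0"))
    header = struct.pack(HEADER_FMT, GPT_SIGNATURE, b"\0\0\1\0", HEADER_LEN, 0, 0,
                         1, 24000033, 34, 24000000, uuid.UUID(int=99).bytes_le,
                         2, n_entries, ENTRY_LEN, zlib.crc32(bytes(table)))
    header = header[:16] + struct.pack("<I", zlib.crc32(header)) + header[20:]
    image = bytearray(SECTOR_SIZE * 34)          # LBA 0-1 plus 32 table sectors
    image[510:512] = b"\x55\xaa"                 # protective MBR signature
    image[SECTOR_SIZE:SECTOR_SIZE + HEADER_LEN] = header
    image[2 * SECTOR_SIZE:2 * SECTOR_SIZE + len(table)] = table
    return bytes(image)


if __name__ == "__main__":
    for p in parse_gpt(build_sample_image()):
        print(f"part{p.number}: {p.type_name:<16} {p.name:<8} offset={p.offset} size={p.size}")
    print("\n".join(mount_commands(parse_gpt(build_sample_image()), "subject.img")))
```

On a real image, read LBA 0 through the end of the entry array (34 sectors for the usual 128 entries) with `open(path, "rb")` and pass the bytes in; the CRC checks are what tell you the table was read correctly from a write-blocked source rather than from a partially overwritten disk. If the primary header fails its CRC, the backup header lives at the last LBA and the same parser applies there with a different offset.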
Phil shows you how to import metadata into MySQL. This allows you to quickly create timelines and perform other tasks that are either slow or not easily doable using standard pre-packaged tools.
Phil shows you how to find files that have been added to system directories by an attacker regardless of any changes to timestamps. A shell script is used to automate this process.
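Phil's shell script is not reproduced here. As an added example, and not the script from the video, the Python below shows one check that survives timestamp tampering: an attacker can back-date a dropped file with `touch`, but cannot choose its inode number, and a file added long after the package manager populated a system directory usually has an inode far from its neighbours. The heuristic (median and median absolute deviation of the inode numbers in a directory) and the `factor`/`min_gap` thresholds are my choices, and the `SAMPLE_SBIN` list is constructed data standing in for a real `/sbin`.

```python
import os
import statistics

# Directories worth sweeping on a mounted subject image (prefix with the mount point).
SYSTEM_DIRS = ("/bin", "/sbin", "/usr/bin", "/usr/sbin", "/lib", "/usr/lib")


def scan_directory(path):
    """Return (name, inode) for every regular file directly inside path."""
    entries = []
    with os.scandir(path) as it:
        for e in it:
            if e.is_file(follow_symlinks=False):
                entries.append((e.name, e.inode()))
    return entries


def flag_out_of_sequence(entries, factor=20, min_gap=500):
    """Files whose inode is far from the directory's typical inode range.

    The bulk of a system directory is written in one package install and
    gets closely spaced inodes; a later addition lands far away. Robust
    statistics (median / MAD) keep the outlier itself from skewing the baseline.
    """
    if len(entries) < 5:          # too few files to establish a baseline
        return []
    inodes = [ino for _, ino in entries]
    median = statistics.median(inodes)
    mad = statistics.median(abs(ino - median) for ino in inodes)
    threshold = max(factor * mad, min_gap)
    return sorted((name, ino) for name, ino in entries if abs(ino - median) > threshold)


def sweep(mount_point, dirs=SYSTEM_DIRS):
    """Run the check over each system directory of a mounted subject image."""
    findings = {}
    for d in dirs:
        path = os.path.join(mount_point, d.lstrip("/"))
        if os.path.isdir(path):
            hits = flag_out_of_sequence(scan_directory(path))
            if hits:
                findings[d] = hits
    return findings


# Constructed sample: 40 binaries with closely spaced inodes from one package
# install, plus one file dropped much later (made-up name and inode number).
SAMPLE_SBIN = [(f"tool{i:02d}", 655360 + 3 * i) for i in range(40)]
SAMPLE_SBIN.append(("backdoor-example", 2097321))


if __name__ == "__main__":
    for name, ino in flag_out_of_sequence(SAMPLE_SBIN):
        print(f"out-of-sequence inode {ino}: {name}")
```

Treat a hit as a lead, not a verdict: legitimate package updates also create inode gaps, so confirm each flagged file against the package database on the image (`dpkg -S` or `rpm -qf` from a chroot, or the package manifests) and against known-good hashes before calling it an implant.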
Phil shows you how to create a Volatility profile. This process is automated with shell scripting.
Phil shows you how to create a timeline using the metadata that has been imported into MySQL. The more advanced attack is covered in this video.
Phil shows you how to use readelf to examine unknown binaries. One of the Xing Yi Quan rootkit binaries is used as an example in this video.