Ben Smeets 2012-09-29 V1

Instructions for creating a USB pendrive with DeftLive

Requirement: Use a pendrive of at least 4GB.

WARNING: All data on the pendrive will be destroyed.

Be sure that the machine you want to use the pendrive on actually supports booting from USB. This is now almost always the case, but it may need adjustments in the BIOS of the machine.

WARNING: Because of the way the original pendrive image is constructed, it is very sensitive to how its data is placed on the pendrive [1]. On Windows the process is more error prone than on Linux and Mac (on the other hand, on those OSs you can really mess up your machine if you are not careful).

There are two alternatives to create a pendrive. For Linux/Unix machines use the original alternative as described on the DEFT website. On a Mac you can also use the dd routine but with some additional steps, see for example http://www.thelinuxdaily.com/2010/01/writing-images-to-disk-on-mac-osx-withdd/. The other alternative addresses the creation of the pendrive on a Windows machine.

WARNING: Alternative 1, albeit very efficient, may potentially ruin your hard disk if you enter the wrong device as destination (argument of=<>). So double check that you are actually writing to the device where you inserted the target USB pendrive.

ALT1: use the dd pendrive image on Linux and Mac

Minimal requirements:
- a working Linux system
- a USB pendrive device, minimal 4GB

1. Download the compressed pendrive image from the location indicated in the project instructions. This takes about 30 minutes (sept 2012).
2. [Optional but recommended] Check the size. Its md5 checksum should be 75c0cecce7a549db945704672ef5c935 for DeftPen_v710-usb_4gb.dd.gz.
3. Decompress (this should take 2-3 minutes):
       gzip -d *.dd.gz
4. Plug your USB device into your Linux machine and ensure it is NOT mounted in your system.
5. Write down its device name, i.e. /dev/sdx (please notice there isn't any trailing number).
6. Flash your device:
       dd if=DeftPen_v710-usb_4gb.dd of=/dev/sdx ; sync
   This will take a while, e.g. 15-20 minutes, and should end with a message indicating that 4,004,511,744 bytes have been written.
7. Now take out the pendrive, insert it in the machine you want to use it on, and reboot.

Note: If you use a pendrive that can hold over 4GB of data you will notice that after the flashing it appears that the device has only a capacity of 4GB. If you want to get the full capacity back you need to

Creating a bootable pendrive from the original dd image on a Windows machine is trickier. One can use winimage for this, but we recommend you use the compressed USB image deft710.zip that you can find on the lab machines in the Y:\adsec\LAB1\Part1 directory. In the same directory you find the file imageusb.zip, which contains a Windows program that can write the USB image to the pendrive.

Alt 2: use the deft710.bin image on Windows

Minimal requirements:
- Lab PC at EIT (to get access to the image file)

1. Log in on one of the lab computers and copy the compressed pendrive image deft710.zip from Y:\lab\adsec\LAB1\Part1 [2], mounted from the homer server, i.e. \\homer\lab\adsec\LAB1\Part1. We assume you put this into C:\adsec\LAB1.
2. Copy also the zip file imageusb.zip to your lab computer.
3. Next decompress the image file and extract the file imageusb.zip. This takes about 2 minutes on a 1.2 GHz i5 machine. Now you should have a file called deft710.bin that we can flash.
4. Insert the pendrive and reformat the drive (quick formatting is ok).
5. Start imageUSB.exe, which you got after extracting the files from imageusb.zip. Select the correct target drive and the image you want to flash, see below.
6. Press "Write to UFD". Now programming starts and it will take 15-20 minutes.
7. Eject the pendrive, insert it in the PC to be used for your forensic analysis, and reboot.

[1] See the following for more details: https://wiki.archlinux.org/index.php/USB_Installation_Media.
[2] The drive letter Y may be different on your lab machine, particularly if you mount the homer directory yourself.
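The checks that ALT1 steps 2, 4 and 5 ask for, and the warning about the of= argument, can be scripted so they run before anything is written. The script below is an added example, not part of the original instructions: it assumes a Linux system with md5sum, /proc/mounts and /sys/block, the function names are hypothetical, and it only prints the dd command instead of running it.

```shell
#!/bin/sh
# Added example: pre-flight checks for ALT1. Prints the dd command; never runs it.
EXPECTED_MD5=75c0cecce7a549db945704672ef5c935   # from step 2, for the .dd.gz file

# 0 if the file's MD5 equals the expected hex digest (Linux md5sum assumed).
verify_md5() {
    actual=$(md5sum "$1" 2>/dev/null | cut -d' ' -f1)
    [ -n "$actual" ] && [ "$actual" = "$2" ]
}

# 0 only for a whole-disk name such as /dev/sdb (no trailing partition number).
# Deliberately narrow: anything that is not /dev/sd<letter> is refused.
is_whole_disk() {
    case "$1" in
        /dev/sd[a-z]) return 0 ;;
        *) return 1 ;;
    esac
}

# 0 if the disk or one of its partitions appears in the mount table.
# $2 is the mount table to read (default /proc/mounts).
is_mounted() {
    grep -Eq "^$1[0-9]* " "${2:-/proc/mounts}"
}

# 0 if the kernel flags the disk as removable. $2 is the sysfs root (default /sys).
is_removable() {
    [ "$(cat "${2:-/sys}/block/${1#/dev/}/removable" 2>/dev/null)" = "1" ]
}

# Run every check in order and print the reason for the first failure.
preflight() {
    img_gz=$1; dev=$2
    verify_md5 "$img_gz" "$EXPECTED_MD5" || { echo "md5 mismatch: $img_gz"; return 1; }
    is_whole_disk "$dev" || { echo "not a whole disk: $dev"; return 1; }
    [ -b "$dev" ] || { echo "not a block device: $dev"; return 1; }
    is_removable "$dev" || { echo "not flagged removable: $dev"; return 1; }
    if is_mounted "$dev"; then echo "still mounted: $dev"; return 1; fi
    echo "checks passed; after gzip -d, run:"
    echo "dd if=${img_gz%.gz} of=$dev ; sync"
}

# Usage: sh preflight.sh DeftPen_v710-usb_4gb.dd.gz /dev/sdx
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```

Some USB hard disks report 0 in the removable flag, so a refusal there means the device needs a manual check, not that the script is wrong.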