lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Mon Sep 12 13:51:45 2005
From: druid at stonedcoder.org (druid@...nedcoder.org)
Subject: Re: Full-Disclosure Digest, Vol 7, Issue 25

Purchase? no. You can dd the drive and use a utility to recognize files 
within the unallocated space, I just had to do this a couple nights ago 
so:

(on system you want to copy)
dd if=/dev/hda | nc otherhost 5000

(on your lappy or whatever)
nc -l -p 5000 | dd of=./blah

I was copying from one partition on an old disk to an unpartitioned space 
on another disk in another machine, there are a bunch of ways of doing 
this but that is a quick and dirty way of copying the readable data on a
drive to another location. You are on your own as far as finding deleted
files, but there are programs available. BTW you can mount that file like
a drive! Read the dd man page and remember "-" == stdin/stdout. I hope 
this was useful, I just remembered you asked for a commercial solution for 
this implying a lack of linux foo so if this is totally greek I appologize.

BTW: nc == netcat, and you can use a similar trick with tar if you have no 
need to find deleted files later. Useful for the sys admins out there, OR 
use with ssh for a cheap and dirty crypted file transfer solution (but why 
not just use scp..)

--druid

P.S. I am only sharing this because I just had to use this trick (and 
failed with the dd btw but thats another issue entirely) and it is pretty 
handy for moving data around using a boot cd and a NIC.

>
> Message: 11
> Date: Sun, 11 Sep 2005 18:33:43 -0400
> From: Red Leg <redleg18@...il.com>
> Subject: [Full-disclosure] Forensic help?
> To: <full-disclosure@...ts.grok.org.uk>
> Message-ID: <BF4A2907.8BD0%redleg18@...il.com>
> Content-Type: text/plain;	charset="US-ASCII"
>
>
> Hi all.
>
> I was wondering if anyone knows of a program/system that I can purchase, as
> a private individual, that will allow me to
>
> 1) mirror a hard drive on location and
>
> 2) take that mirror and restore it to another drive. And
>
> 3) Find any CONVENTIONALLY erased files?
>
> -- This would be either a Windows NTFS or FAT32 drive.
>
> Anyone have first hand experience? Please let me know, if you do. In ANY
> case, please suggest whatever you might have learned even without first hand
> experience.
>
> Thanks!
>
> Redleg18
>
>
>
>
> ------------------------------
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
> End of Full-Disclosure Digest, Vol 7, Issue 25
> **********************************************
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ