| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon Sep 12 13:05:24 2005 From: brian.sims at siemens.com (Sims Brian) Subject: Forensic help? Ghost will not give you a forensically sound image. Unless something changes recently, Ghost won't image unallocated space, so you won't be able to recover any deleted files. I'd recommend using the Helix Live CD at http://www.e-fense.com/helix/, which based on Knoppix, but will never automatically mount any disks found, as Knoppix will. It contains all the tools previously mentioned - dcfldd for imaging, which you can pipe to netcat to create an image over the network. The Sleuthkit for analysis, which is basically just a front-end to other tools also included. However, the learning curve can bit a bit steep. -----Original Message----- From: Red Leg [mailto:redleg18@...il.com] Sent: Sunday, September 11, 2005 8:37 PM To: full-disclosure@...ts.grok.org.uk Subject: Re: [Full-disclosure] Forensic help? On 9/11/05 6:33 PM, "Red Leg" <redleg18@...il.com> wrote: > Hi all. > > I was wondering if anyone knows of a program/system that I can purchase, as > a private individual, that will allow me to > > 1) mirror a hard drive on location and > > 2) take that mirror and restore it to another drive. And > > 3) Find any CONVENTIONALLY erased files? > > -- This would be either a Windows NTFS or FAT32 drive. Wow! Thanks all. I really appreciate the education! I wish that I could keep the target drive, and change it out. However, this is a Freedom of Information Act issue. I don't think they'll let me keep the original/target. I knew about Drive Image, but I didn't know it or Symantec Ghost would be able to get the erased data (as in using the "Delete Key" or right click delete). Thanks! Redleg18 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ------------------------------------------------------------------------------- This message and any included attachments are from Siemens Medical Solutions USA, Inc. and are intended only for the addressee(s). The information contained herein may include trade secrets or privileged or otherwise confidential information. Unauthorized review, forwarding, printing, copying, distributing, or using such information is strictly prohibited and may be unlawful. If you received this message in error, or have reason to believe you are not authorized to receive it, please promptly delete this message and notify the sender by e-mail with a copy to Central.SecurityOffice@....siemens.com Thank you
Powered by blists - more mailing lists