lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20050911233722.404971FA@lists.grok.org.uk>
Date: Mon Sep 12 00:37:29 2005
From: dave at isecureu.com (dave kleiman)
Subject: Forensic help?

KF,

Is that a financial decision?  Anyone can purchase EnCase.

You can mirror it with DD, if you are familiar with it, it is free.

Best bang for the buck for imaging a drive, and recovering files and even
partitions is R-tools r-tt.com:
You would want Drive Image ($49) http://www.drive-image.com/ and R-UNDELETE
($55) http://www.r-undelete.com/. If you need to do the recovery across a
network R-studio is ($179)

Look here at the bottom of the page to see what each can do:
http://www.data-recovery-software.net/

Cheers!


__________________________________________________
Dave Kleiman, CAS,CIFI,CISM,CISSP,ISSAP,ISSMP,MCSE

www.SecurityBreachResponse.com www.ComputerForensicInvestigations.com
 



> -----Original Message-----
> From: KF (lists) [mailto:kf_lists@...italmunition.com]
> Sent: Sunday, September 11, 2005 22:01
> To: full-disclosure@...ts.grok.org.uk
> Subject: Re: [Full-disclosure] Forensic help?
>
> http://www.sleuthkit.org/
>
> I am not sure how courtroom safe it is. I have had someone
> suggest to me that choosing sleuthkit was not sanctioned by
> the xyz blah blah court of bleh (suggesting to use encase instead).
>
> As a private individual obviously encase is most likely not an option.
> -KF
>
>
> Red Leg wrote:
>
> >Hi all.
> >
> >I was wondering if anyone knows of a program/system that I can
> >purchase, as a private individual, that will allow me to
> >
> >1) mirror a hard drive on location and
> >
> >2) take that mirror and restore it to another drive. And
> >
> >3) Find any CONVENTIONALLY erased files?
> >
> > -- This would be either a Windows NTFS or FAT32 drive.
> >
> >Anyone have first hand experience? Please let me know, if you do. In
> >ANY case, please suggest whatever you might have learned
> even without
> >first hand experience.
> >
> >Thanks!
> >
> >Redleg18
> >
> >
> >_______________________________________________
> >Full-Disclosure - We believe in it.
> >Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >Hosted and sponsored by Secunia - http://secunia.com/
> >
> >
> >
> >
> >
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ