| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon Sep 12 00:37:29 2005 From: dave at isecureu.com (dave kleiman) Subject: Forensic help? KF, Is that a financial decision? Anyone can purchase EnCase. You can mirror it with DD, if you are familiar with it, it is free. Best bang for the buck for imaging a drive, and recovering files and even partitions is R-tools r-tt.com: You would want Drive Image ($49) http://www.drive-image.com/ and R-UNDELETE ($55) http://www.r-undelete.com/. If you need to do the recovery across a network R-studio is ($179) Look here at the bottom of the page to see what each can do: http://www.data-recovery-software.net/ Cheers! __________________________________________________ Dave Kleiman, CAS,CIFI,CISM,CISSP,ISSAP,ISSMP,MCSE www.SecurityBreachResponse.com www.ComputerForensicInvestigations.com > -----Original Message----- > From: KF (lists) [mailto:kf_lists@...italmunition.com] > Sent: Sunday, September 11, 2005 22:01 > To: full-disclosure@...ts.grok.org.uk > Subject: Re: [Full-disclosure] Forensic help? > > http://www.sleuthkit.org/ > > I am not sure how courtroom safe it is. I have had someone > suggest to me that choosing sleuthkit was not sanctioned by > the xyz blah blah court of bleh (suggesting to use encase instead). > > As a private individual obviously encase is most likely not an option. > -KF > > > Red Leg wrote: > > >Hi all. > > > >I was wondering if anyone knows of a program/system that I can > >purchase, as a private individual, that will allow me to > > > >1) mirror a hard drive on location and > > > >2) take that mirror and restore it to another drive. And > > > >3) Find any CONVENTIONALLY erased files? > > > > -- This would be either a Windows NTFS or FAT32 drive. > > > >Anyone have first hand experience? Please let me know, if you do. In > >ANY case, please suggest whatever you might have learned > even without > >first hand experience. > > > >Thanks! > > > >Redleg18 > > > > > >_______________________________________________ > >Full-Disclosure - We believe in it. > >Charter: http://lists.grok.org.uk/full-disclosure-charter.html > >Hosted and sponsored by Secunia - http://secunia.com/ > > > > > > > > > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > >
Powered by blists - more mailing lists