[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.50.0509121407270.26701-100000@kegger.national-security.net>
Date: Tue Sep 13 04:44:04 2005
From: fd at ew.nsci.us (fd@...nsci.us)
Subject: Re: Full-Disclosure Digest, Vol 7, Issue 25
On Mon, 12 Sep 2005 druid@...nedcoder.org wrote:
> Purchase? no. You can dd the drive and use a utility to recognize files
> within the unallocated space, I just had to do this a couple nights ago
> so:
>
> (on system you want to copy)
> dd if=/dev/hda | nc otherhost 5000
>
> (on your lappy or whatever)
> nc -l -p 5000 | dd of=./blah
That's a cool way to do it! We always use ssh pipes but the crypto
overhead is sometimes unnecessarily slow. A great piece of *nixfoo.
-Eric
>
> I was copying from one partition on an old disk to an unpartitioned space
> on another disk in another machine, there are a bunch of ways of doing
> this but that is a quick and dirty way of copying the readable data on a
> drive to another location. You are on your own as far as finding deleted
> files, but there are programs available. BTW you can mount that file like
> a drive! Read the dd man page and remember "-" == stdin/stdout. I hope
> this was useful, I just remembered you asked for a commercial solution for
> this implying a lack of linux foo so if this is totally greek I appologize.
>
> BTW: nc == netcat, and you can use a similar trick with tar if you have no
> need to find deleted files later. Useful for the sys admins out there, OR
> use with ssh for a cheap and dirty crypted file transfer solution (but why
> not just use scp..)
>
> --druid
>
> P.S. I am only sharing this because I just had to use this trick (and
> failed with the dd btw but thats another issue entirely) and it is pretty
> handy for moving data around using a boot cd and a NIC.
>
> >
> > Message: 11
> > Date: Sun, 11 Sep 2005 18:33:43 -0400
> > From: Red Leg <redleg18@...il.com>
> > Subject: [Full-disclosure] Forensic help?
> > To: <full-disclosure@...ts.grok.org.uk>
> > Message-ID: <BF4A2907.8BD0%redleg18@...il.com>
> > Content-Type: text/plain; charset="US-ASCII"
> >
> >
> > Hi all.
> >
> > I was wondering if anyone knows of a program/system that I can purchase, as
> > a private individual, that will allow me to
> >
> > 1) mirror a hard drive on location and
> >
> > 2) take that mirror and restore it to another drive. And
> >
> > 3) Find any CONVENTIONALLY erased files?
> >
> > -- This would be either a Windows NTFS or FAT32 drive.
> >
> > Anyone have first hand experience? Please let me know, if you do. In ANY
> > case, please suggest whatever you might have learned even without first hand
> > experience.
> >
> > Thanks!
> >
> > Redleg18
> >
> >
> >
> >
> > ------------------------------
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
> > End of Full-Disclosure Digest, Vol 7, Issue 25
> > **********************************************
> >
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>
--
Eric Wheeler
Vice President
National Security Concepts, Inc.
PO Box 3567
Tualatin, OR 97062
http://www.nsci.us/
Voice: (503) 293-7656
Fax: (503) 885-0770
Powered by blists - more mailing lists