lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue Sep 13 04:44:04 2005 From: fd at ew.nsci.us (fd@...nsci.us) Subject: Re: Full-Disclosure Digest, Vol 7, Issue 25 On Mon, 12 Sep 2005 druid@...nedcoder.org wrote: > Purchase? no. You can dd the drive and use a utility to recognize files > within the unallocated space, I just had to do this a couple nights ago > so: > > (on system you want to copy) > dd if=/dev/hda | nc otherhost 5000 > > (on your lappy or whatever) > nc -l -p 5000 | dd of=./blah That's a cool way to do it! We always use ssh pipes but the crypto overhead is sometimes unnecessarily slow. A great piece of *nixfoo. -Eric > > I was copying from one partition on an old disk to an unpartitioned space > on another disk in another machine, there are a bunch of ways of doing > this but that is a quick and dirty way of copying the readable data on a > drive to another location. You are on your own as far as finding deleted > files, but there are programs available. BTW you can mount that file like > a drive! Read the dd man page and remember "-" == stdin/stdout. I hope > this was useful, I just remembered you asked for a commercial solution for > this implying a lack of linux foo so if this is totally greek I appologize. > > BTW: nc == netcat, and you can use a similar trick with tar if you have no > need to find deleted files later. Useful for the sys admins out there, OR > use with ssh for a cheap and dirty crypted file transfer solution (but why > not just use scp..) > > --druid > > P.S. I am only sharing this because I just had to use this trick (and > failed with the dd btw but thats another issue entirely) and it is pretty > handy for moving data around using a boot cd and a NIC. > > > > > Message: 11 > > Date: Sun, 11 Sep 2005 18:33:43 -0400 > > From: Red Leg <redleg18@...il.com> > > Subject: [Full-disclosure] Forensic help? > > To: <full-disclosure@...ts.grok.org.uk> > > Message-ID: <BF4A2907.8BD0%redleg18@...il.com> > > Content-Type: text/plain; charset="US-ASCII" > > > > > > Hi all. > > > > I was wondering if anyone knows of a program/system that I can purchase, as > > a private individual, that will allow me to > > > > 1) mirror a hard drive on location and > > > > 2) take that mirror and restore it to another drive. And > > > > 3) Find any CONVENTIONALLY erased files? > > > > -- This would be either a Windows NTFS or FAT32 drive. > > > > Anyone have first hand experience? Please let me know, if you do. In ANY > > case, please suggest whatever you might have learned even without first hand > > experience. > > > > Thanks! > > > > Redleg18 > > > > > > > > > > ------------------------------ > > > > _______________________________________________ > > Full-Disclosure - We believe in it. > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > > Hosted and sponsored by Secunia - http://secunia.com/ > > > > End of Full-Disclosure Digest, Vol 7, Issue 25 > > ********************************************** > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > > -- Eric Wheeler Vice President National Security Concepts, Inc. PO Box 3567 Tualatin, OR 97062 http://www.nsci.us/ Voice: (503) 293-7656 Fax: (503) 885-0770
Powered by blists - more mailing lists