Date: Tue Sep 13 04:44:04 2005
From: fd at ew.nsci.us (fd@...nsci.us)
Subject: Re: Full-Disclosure Digest, Vol 7, Issue 25

On Mon, 12 Sep 2005 druid@...nedcoder.org wrote:

> Purchase? no. You can dd the drive and use a utility to recognize files 
> within the unallocated space, I just had to do this a couple nights ago 
> so:
> 
> (on system you want to copy)
> dd if=/dev/hda | nc otherhost 5000
> 
> (on your lappy or whatever)
> nc -l -p 5000 | dd of=./blah

That's a cool way to do it!  We always use ssh pipes but the crypto 
overhead is sometimes unnecessarily slow.  A great piece of *nixfoo.

-Eric

> 
> I was copying from one partition on an old disk to an unpartitioned space 
> on another disk in another machine, there are a bunch of ways of doing 
> this but that is a quick and dirty way of copying the readable data on a
> drive to another location. You are on your own as far as finding deleted
> files, but there are programs available. BTW you can mount that file like
> a drive! Read the dd man page and remember "-" == stdin/stdout. I hope 
> this was useful, I just remembered you asked for a commercial solution for 
> this implying a lack of linux foo so if this is totally Greek I apologize.
> 
> BTW: nc == netcat, and you can use a similar trick with tar if you have no 
> need to find deleted files later. Useful for the sys admins out there, OR 
> use with ssh for a cheap and dirty crypted file transfer solution (but why 
> not just use scp..)
> 
> --druid
> 
> P.S. I am only sharing this because I just had to use this trick (and 
> failed with the dd btw but that's another issue entirely) and it is pretty 
> handy for moving data around using a boot cd and a NIC.
> 
> >
> > Message: 11
> > Date: Sun, 11 Sep 2005 18:33:43 -0400
> > From: Red Leg <redleg18@...il.com>
> > Subject: [Full-disclosure] Forensic help?
> > To: <full-disclosure@...ts.grok.org.uk>
> > Message-ID: <BF4A2907.8BD0%redleg18@...il.com>
> > Content-Type: text/plain;	charset="US-ASCII"
> >
> >
> > Hi all.
> >
> > I was wondering if anyone knows of a program/system that I can purchase, as
> > a private individual, that will allow me to
> >
> > 1) mirror a hard drive on location and
> >
> > 2) take that mirror and restore it to another drive. And
> >
> > 3) Find any CONVENTIONALLY erased files?
> >
> > -- This would be either a Windows NTFS or FAT32 drive.
> >
> > Anyone have first hand experience? Please let me know, if you do. In ANY
> > case, please suggest whatever you might have learned even without first hand
> > experience.
> >
> > Thanks!
> >
> > Redleg18
> >
> >
> >
> >
> > ------------------------------
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
> > End of Full-Disclosure Digest, Vol 7, Issue 25
> > **********************************************
> >

-- 
Eric Wheeler
Vice President
National Security Concepts, Inc.
PO Box 3567
Tualatin, OR 97062

http://www.nsci.us/
Voice: (503) 293-7656
Fax:   (503) 885-0770
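
The dd-over-netcat copy quoted above travels without encryption or authentication, so an imaging run should hash the stream at both ends and compare. The script below is an added example, not part of the original posts; the function names are hypothetical, GNU coreutils is assumed, and a constructed sample file and a local pipe stand in for /dev/hda and the nc connection.

```shell
#!/bin/sh
# Added example (not from the thread): hash both ends of the dd | nc copy so the
# image can be checked after an unauthenticated, unencrypted transfer.
# Assumes GNU coreutils (sha256sum, mktemp); function names are hypothetical.

# Sender: stream SRC to stdout and record the SHA-256 of the bytes sent in DIGEST.
# Real use: send_image /dev/hda sent.sha256 | nc otherhost 5000
send_image() {  # $1 = SRC, $2 = DIGEST
    dir=$(mktemp -d) || return 1
    mkfifo "$dir/tap" || return 1
    sha256sum < "$dir/tap" | cut -d' ' -f1 > "$2" &   # hashes the tee'd copy
    dd if="$1" bs=64k 2>/dev/null | tee "$dir/tap"
    wait                                              # let the hasher finish
    rm -rf "$dir"
}

# Receiver: write stdin to IMG and record the SHA-256 of the bytes received.
# Real use: nc -l -p 5000 | recv_image ./blah recv.sha256
recv_image() {  # $1 = IMG, $2 = DIGEST
    tee "$1" | sha256sum | cut -d' ' -f1 > "$2"
}

# Succeeds only if the sent, received and on-disk digests all match.
verify_image() {  # $1 = sender DIGEST, $2 = receiver DIGEST, $3 = IMG
    sent=$(cat "$1"); got=$(cat "$2")
    disk=$(sha256sum "$3" | cut -d' ' -f1)
    [ -n "$sent" ] && [ "$sent" = "$got" ] && [ "$sent" = "$disk" ]
}

# Constructed demo: a 256 KiB random file stands in for /dev/hda and a local
# pipe stands in for the nc connection.
work=$(mktemp -d)
dd if=/dev/urandom of="$work/disk" bs=1k count=256 2>/dev/null
send_image "$work/disk" "$work/sent.sha256" | recv_image "$work/blah" "$work/recv.sha256"
if verify_image "$work/sent.sha256" "$work/recv.sha256" "$work/blah"; then
    echo "image verified: $(cat "$work/sent.sha256")"
else
    echo "digest mismatch" >&2
fi
rm -rf "$work"
```

On two real hosts the sender's digest file has to reach the receiving side by a separate path before verify_image can compare it.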
