Forensics
P2V - Live Forensics Feb 15 2011 03:13PM
solefarmer gmail com (10 replies)
Re: P2V - Live Forensics Feb 22 2011 10:18AM
Dave Howe (DaveHowe pentest googlemail com) (1 replies)
Re: P2V - Live Forensics Feb 28 2011 04:59PM
Paul Schmehl (pschmehl_lists tx rr com) (1 replies)
RE: P2V - Live Forensics Mar 02 2011 09:36AM
David Howe (David Howe ansgroup co uk) (1 replies)
Re: P2V - Live Forensics Mar 03 2011 03:14AM
Chris Barber (cmbarber gmail com)
Re: P2V - Live Forensics Feb 21 2011 09:21PM
Adam Pal (pal_adam gmx net)
RE: P2V - Live Forensics Feb 21 2011 09:21AM
Brian Hitchen esure com
I have used EnCase for many years and have just looked at using EnCase Enterprise. This was very expensive in the past but the price has recently been reduced to $10,000.

If you have the budget, I would suggest looking at this.

Brian Hitchen MBCS
Information Security Manager
esure
IT

-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of solefarmer (at) gmail (dot) com [email concealed]
Sent: 15 February 2011 15:14
To: forensics (at) securityfocus (dot) com [email concealed]
Subject: P2V - Live Forensics

Ladies, Gentlemen, and otherwise:

I have a situation whereby I need to obtain an image of an individual's laptop suitable for potential prosecution in a US court; however, I only have a limited window in which to grab the image, and was looking for alternatives in order to not "spook" the poor guy or his co-workers who would no doubt tell him about me, as I go into his office and randomly image his drive!

I thought about using P2V (Physical to Virtual), but realize that such software does make some steps to alter the system and thus may have court challenges. Is there possibility such could be explained in court, or perhaps md5 hash of his files(not the disk image) taken while online and then compared to a virtual image of sorts.

Please advise, and I'm thinking of sending the winning submission a beer or two or some other minor token of appreciation.

-----------------------------------------------------------------
Certify Software Integrity - thawte Code Signing Certificates
This guide will show you how Code Signing Certificates are used to secure code that can be downloaded from the Internet. You will also learn how these certificates operate with different software platforms.
http://www.dinclinx.com/Redirect.aspx?36;5000;25;1371;0;2;946;005be7f5c8
72ea1f

............................ esure(r) .................................

( car insurance | home insurance | travel insurance | pet insurance )

........................ www.esure.com ..............................

This email may contain confidential or legally privileged information
intended only for the individual or entity named in the email address.
If you are not the intended recipient, any disclosure, copying,
distribution or reliance upon its contents is strictly prohibited.
The content of this email does not necessarily reflect the views of
the company or its officers and esure takes no responsibility for the
views of the author. If you have received this email in error,
please reply to the sender so esure can arrange for its proper
delivery, then delete it and all copies from your system. Although
esure aims to use efficient virus checking procedures, we accept no
liability for viruses. Recipients should use their own up-to-date
virus prevention. Emails sent and received may be read by people
other than the intended recipient and may be monitored to ensure
efficient email systems.

esure Services Limited, Registered in England and Wales No. 2135610.
Registered Office: The Observatory, Reigate, Surrey RH2 0SG.
Authorised and regulated by the Financial Services Authority

....................................................................

-----------------------------------------------------------------
Certify Software Integrity - thawte Code Signing Certificates
This guide will show you how Code Signing Certificates are used to secure code that can be downloaded from the Internet. You will also learn how these certificates operate with different software platforms.
http://www.dinclinx.com/Redirect.aspx?36;5000;25;1371;0;2;946;005be7f5c8
72ea1f

[ reply ]
Re: P2V - Live Forensics Feb 19 2011 10:46AM
quark quark (quark maillist gmail com) (1 replies)
Re: P2V - Live Forensics Feb 21 2011 03:40AM
tchmielarski gmail com (1 replies)
Re: P2V - Live Forensics Feb 26 2011 12:51AM
Valdis Kletnieks vt edu
Re: P2V - Live Forensics Feb 18 2011 04:55PM
Thomas Rozenbroek (trozenbr gmu edu)
RE: P2V - Live Forensics Feb 18 2011 01:36PM
Dan Gimenez (dan gimenez comcast net)
Re: P2V - Live Forensics Feb 18 2011 12:38AM
Erin Kenneally (erin elchemy org)
Re: P2V - Live Forensics Feb 17 2011 11:01PM
William Warren (hescominsoon emmanuelcomputerconsulting com)
Re: P2V - Live Forensics Feb 17 2011 10:54PM
w ahlstros (wahlstros gmail com)
RE: P2V - Live Forensics Feb 17 2011 10:52PM
Bahrs, Art (Arthur Bahrs providence org) (1 replies)
Re: P2V - Live Forensics Feb 21 2011 03:24AM
Paulo Cesar Breim (PCB) (paulo breim com br)


 

Privacy Statement
Copyright 2010, SecurityFocus