I'll second BARTPE for being able to write to the disk-it is very cool. You
can set drives to be shared so that you can hook your laptop to it and run
through directories etc.

Even with a linux-based live disk like Helix you can write to ntfs too. Just
needs to be mounted right.

http://www.ntfs-3g.org/

mount -t captive-ntfs -o rw /dev/hda1 /mnt/hda1 etc

> >-----Original Message-----
> >From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]]
> >On Behalf Of Mike Moratz-Coppins
> >Sent: Wednesday, March 19, 2008 4:28 AM
> >To: focus-ms (at) securityfocus (dot) com [email concealed]
> >Subject: Re: More along the lines of malware disinfection
> >
> >Express Web Systems, Inc. wrote:
> >> The problem with accessing the "Documents and Settings" folder is a
> >tough
> >> one to crack, as I didn't have to deal with it in my instance (the
> >files
> >> were located in a hidden directory in C:\Windows\). You might want to
> >try
> >> liveCD that supports reading and writing to NTFS (if they are using
> >NTFS, or
> >> if you are lucky, just access the drive via FAT32).
> >
> >AFAIK most live CDs just grant read-only access to NTFS. Which one
> >would you recommend?
> >
> >> As a different avenue of approach, maybe you can accomplish something
> >with
> >> BartPE. That would allow you to boot into windows and run various apps
> >> independent of the compromised OS.
> >
> >I haven't heard of that before, I'll read up about it.
> >
> >
> >--
> >Mike Moratz-Coppins
> >mike (at) mikeymike.org (dot) uk [email concealed]
> >http://www.mikeymike.org.uk/

[ reply ]