Back to list
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Re: Re: P2V - Live Forensics
Feb 21 2011 06:55AM
paul ha cked net
I have had a very similar case.
If your network is fast enough i would suggest you do a live image using psexec, dd, netcat, and md5sum.
Obtain a shell on her box using psexec (use a domain admin account), mount a remote samba share under the context of that user, and then dd the PhysicalDisk as no...
[ more ]
Copyright 2010, SecurityFocus