Forensics Mode:
(Page 9 of 84)  < Prev  4 5 6 7 8 9 10 11 12 13 14  Next >
Re: Physically damaged SD card 2007-01-04
Tim (tim-forensics sentinelchicken org)
Spam detection software, running on the system "mail.securityfocus.com", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that

[ more ]  [ reply ]
Re: recovery/forensics of NTFS encrypted folder. 2007-01-03
Chetan Gupta (chetan gupta niiconsulting com) (1 replies)
Dear Richard,
I haven't tried it yet but should be worth trying out. Let me tell you
my understanding of how EFS works. When a user encrypts a file using EFS
for the first time, then a public/private key pair is generated and a
FEK (File Encryption Key) is generated. This FEK is a symmetric key

[ more ]  [ reply ]
Re: recovery/forensics of NTFS encrypted folder. 2007-01-04
mcardenas criminalistica cl
RE: jetdirect log files 2007-01-02
Bobby Smathers (bsmathers reypd com) (1 replies)
Check the system log of the computer/server that the queue is setup on.
Depending on when and how much logging you have enabled on the event
logs, you will find it there.

-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]]
On Behalf Of jefklak
Sent:

[ more ]  [ reply ]
RE: jetdirect log files 2007-01-04
Tony Arendt (tarendt neohapsis com)
Re: recovery/forensics of NTFS encrypted folder. 2007-01-02
levinson_k securityadmin info (1 replies)
I believe cracking EFS encrypted files is not going to likely here, unless you were able to somehow recover the deleted user profiles from the wiped version of Windows from the disk, from the domain (if it was joined to a domain) or from a backup. How exactly was the disk "wiped?"

Good informat

[ more ]  [ reply ]
Physically damaged SD card 2007-01-04
Michael Edwards (medwards digital-legal com)
jetdirect log files 2007-01-01
jefklak (jefklak hotmail com) (1 replies)

I have a network printer connected to a HP jetdirect module. I need to find
out who printed lately some files. How can I retreive the log files from the
module. Thanks.
--
View this message in context: http://www.nabble.com/jetdirect-log-files-tf2904359.html#a8114092
Sent from the Security - Foren

[ more ]  [ reply ]
Re: jetdirect log files 2007-01-02
Kevin (rot_betruger sbcglobal net)
recovery/forensics of NTFS encrypted folder. 2006-12-31
Rikard Johnels (rikard j rikjoh com) (2 replies)
I have a drive where i need to investigate one encrypted folder full of
equally encrypted files. (XP default type encryption of files/folders)
The original system disk is unavailable due to a wipe, so the key is lost.

Is there any way to rebuild the files to make an investigation possible?

--
 

[ more ]  [ reply ]
Re: recovery/forensics of NTFS encrypted folder. 2007-01-02
Chetan Gupta (chetan gupta niiconsulting com) (1 replies)
Re: recovery/forensics of NTFS encrypted folder. 2007-01-04
farmerdude (subscribe crazytrain com) (1 replies)
Re: recovery/forensics of NTFS encrypted folder. 2007-01-04
Rikard Johnels (rikard j rikjoh com)
Re: recovery/forensics of NTFS encrypted folder. 2007-01-02
Bhushan Shah (bhushan niiconsulting com)
CarvFs fixed to work with latest releases sleuthkit/scalpel/libewf (in-place/zero-storage carving) 2006-12-29
Rob Meijer (rmeijer xs4all nl)
The new 0.2.1 release of CarvFs ( http://ocfa.sourceforge.net/libcarvpath/ )
now comes with a script (scalpelcp) that makes it work in conjunction with
the preview mode ( the -p option) of scalpel. This script can be used to
populate the scalpel output dir with symlinks to the proper carvfs pseudo
f

[ more ]  [ reply ]
CFP: 2007 Conference on Digital Forensics, Security and Law 2006-12-26
Glenn Dardick (gdardick dardick net)
ADFSL 2007 Conference on Digital Forensics, Security and Law
============================================================
DEADLINE: CALL FOR PAPERS AND PROPOSALS - December 31, 2006
============================================================
VENUE: Arlington, Virginia USA on April 18-20, 2007
====

[ more ]  [ reply ]
Hachoir: framework to parse binary files 2006-12-22
victor stinner haypocalc com
Hi, since one year I'm working on a framework written in Python to parse any binary file. Some features:
* Autofix: Catch any parser error and fix them as soon as possible
* Lazy: Field value, size, description, absolute address, (...) are computed on demand
* No arbitrary limit on addresses, field

[ more ]  [ reply ]
Re: Mount a .bin file in Linux 2006-12-22
norman sandbox gmail com
If it were just an iso, you shouldn't have had a problem with the mount. A Windows partition has an offset of 32256 according to the Anti-Hacker Toolkit. You can do the following:
losetup -o 32256 /dev/loop0 /media/test
mount -o -ro /dev/loop0 /media/recovery
ls /media/recovery

Alex Klimov's advice

[ more ]  [ reply ]
Many bugfixes Open Computer Forensics Architecture. 2006-12-21
Rob J Meijer (rmeijer xs4all nl)
The Open Computer Forensics Architecture (OCFA) project
just released a new version with many bug fixes.

http://sourceforge.net/projects/ocfa/

The Open Computer Forensics Architecture is a modular computer forensics
framework running on Linux.The project aims to be highly modular,
robust,fault t

[ more ]  [ reply ]
Re: Disk drive without a partition table? 2006-11-22
Greg Freemyer (greg freemyer gmail com)
Brian,

Thanks for the pointer.

gpart found my missing partition and I now have it mounted.

Greg

On 11/20/06, Brian Carrier <carrier (at) digital-evidence (dot) org [email concealed]> wrote:
> You could use tools such as gpart or testdisk to search the drive for
> file system signatures to determine if there are file systems

[ more ]  [ reply ]
Re: Tracking moved files? 2006-11-08
bsmathers reypd com
This is all done within the registry and not a log file unless some third party synchronization software was used. There are unique descriptors created for each device that lists information like what kind of device it is, number of endpoints, etc.

You can read more about descriptors here:

http://

[ more ]  [ reply ]
RE: Recovery data after 57+ formats - fact or fiction?? 2006-11-10
Gavin, Michael (mgavin forrester com)
Hi Michael,

About a week after I sent my previous response to both you and the
forensics mailing list, I got notification that it wasn't approved for
the forensics list; I have no idea why not. Hopefully you received it,
but it is included below in any case.

Anyway, I came across the following tod

[ more ]  [ reply ]
Re: Data Recovery 2006-11-11
Butterworth, Jim (jim butterworth guidancesoftware com)
I've watched this topic ebb and flow for quite sometime and I've often wondered if anyone has ever taken a test drive, placed a "sensitive" file on it, either a string of ascii or a whole file, overwritten the drive, and tasked another person to find it using currently available open source or comme

[ more ]  [ reply ]
RE: Recovery data after 57+ formats - fact or fiction?? 2006-11-10
Gavin, Michael (mgavin forrester com) (1 replies)
Not 57+, but how about 21?

I just stumbled upon an article that states: "There are rumors that
government agencies have the capability to recover data that has been
overwritten as many as 21 times."

This is a SANS GSEC article originally published on 7/21/2001, and
updated on 6/12/2006, titled "S

[ more ]  [ reply ]
Re: Recovery data after 57+ formats - fact or fiction?? 2006-11-11
Simson Garfinkel (simsong acm org)
Zero-storage carving 2006-11-09
Rob J Meijer (rmeijer xs4all nl)
For those of you interested in zero-storage carving,
libcarvpath and carvfs now provide a simple means to
patch zero-storage carving into carving tools.

http://ocfa.sourceforge.net/libcarvpath/

A patch to the sleuthkit is included with carvfs that
includes zero-storage carvpath versions of mmls,

[ more ]  [ reply ]
SDFOST - Call for Papers 2006-11-08
henry cs fsu edu
The First International Workshop on Spoofing, Digital Forensics and Open Source Tools (SDFOST), in conjunction with ARES-2007 -- The Second International Conference on Availability, Reliability and Security
The conference will be held at the Vienna University of Technology (TU) in Vienna, Austria on

[ more ]  [ reply ]
(Page 9 of 84)  < Prev  4 5 6 7 8 9 10 11 12 13 14  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus