Forensics Mode:
(Page 26 of 84)  < Prev  21 22 23 24 25 26 27 28 29 30 31  Next >
Re: undetected drive 2005-06-18
Michael Cecil (macecil comcast net)
At 10:20 AM 6/17/2005, Tamarcus A Person wrote:
>
>Eamonn,
> First of all, you questions are far from being considered dumb. I am,
>at the moment, encountering the same issues with 5 hard drives that I had
>wipe to remove the sensitive data previously stored on them. Once the disk
>drives

[ more ]  [ reply ]
Re: Reconstruct a hardware RAID from the raw images of each HD 2005-06-18
Jason Coombs (jasonc science org)
Where's the RAID controller ?

Without it you've got a real problem.

The controller's settings are essential to reconstructing the RAID array. Guessing what the settings were would work, eventually, if you knew which controller was being used.

Regards,

Jason Coombs
jasonc (at) science (dot) org [email concealed]

-----Origin

[ more ]  [ reply ]
Identifying seed file IP address in Exeem, BT and KaZaA 2005-06-17
ricci (ricci cs ust hk) (1 replies)
Hello All,

Some P2P users make use of the tools like Exeem, BT or KaZaA for
transferring files over network. Is there any way we can find out trace of
what users have downloaded? Also can we identify if the seed file were
created from the person?

Through network monitoring, can we identify the pub

[ more ]  [ reply ]
Re: Identifying seed file IP address in Exeem, BT and KaZaA 2005-06-18
Lance James (lancej securescience net)
Reconstruct a hardware RAID from the raw images of each HD 2005-06-17
Rasec Platff (platff gmail com) (1 replies)

Does someone has any experience / background information or can express
here any thoughts about reconstructing a hardware RAID 5 partition from
the raw images of each of the HDs that composed the RAID?

Thanks in advice,

Rasec

[ more ]  [ reply ]
Re: Reconstruct a hardware RAID from the raw images of each HD 2005-06-20
Serge de Souza (serge cs curtin edu au)
Re: Mac HD Mounting... 2005-06-17
John Garvin (jgarvin gmail com)
On 6/16/05, Ted A <arcturous (at) hotmail (dot) com [email concealed]> wrote:
>
> So here I am, with an imaged copy of a Mac HD. I need to get into it to see
> what the contents are, etc etc.
> I remember reading that Knoppix allows you to mount the drive and view the
> contents, so I've hooked it up to my box here and booted

[ more ]  [ reply ]
undetected drive 2005-06-17
Eamonn Saunders (eamonn saunders gmail com) (3 replies)
Hi,
First off allow me to ask for forgiveness in advance if the following
questions are dumb...I'm new to this area and I'm stuck.
I've been given a Maxtor 60G hard drive to practice/develop my forensics
skills. This drive has previously been analyzed by professionals. I've
imaged other drives

[ more ]  [ reply ]
RE: undetected drive 2005-06-18
Gary Funck (gary intrepid com)
Re: undetected drive 2005-06-17
Mister Coffee (live4java stormcenter net)
Re: undetected drive 2005-06-17
Tamarcus A Person (tperson csc com)
FTimes 3.5.0 Released 2005-06-17
klm uidzero org
Background:

FTimes is a system baselining and evidence collection tool. The
primary purpose of FTimes is to gather and/or develop information
about specified directories and files in a manner conducive to
intrusion analysis.

FTimes is a lightweight tool in the sense that it doesn't need

[ more ]  [ reply ]
Minimal RAM footprint boot CD? 2005-06-16
Bruce P. Burrell (bpb umich edu) (2 replies)
Hi, all.

I was using dd under Helix 1.6 to make an image of a (very) damaged
hard drive... after several days, I had copied some 3 GB out of 40, while
most of the time was spent trying to copy the other 1100 or so bad
sectors. The important part to me, at this point, was the log file of
where dd

[ more ]  [ reply ]
Re: Minimal RAM footprint boot CD? 2005-06-16
Rikard Johnels (rikjoh norweb se)
Re: Minimal RAM footprint boot CD? 2005-06-16
Volker Tanger (vtlists wyae de)
RE: Carving deleted messages from PST file remains 2005-06-15
Greg Kelley (gkelley vestigeltd com)
Do you have Encase? The one thing I have tried with some success is
perform a search over unallocated space with a keyword in Encase but
enabling the Outlook Compressed Codepage. This has allowed me to find
some e-mail fragments and carve them out.

Greg Kelley, EnCE
Vestige Digital Investigations

[ more ]  [ reply ]
Tools accepted by the courts 2005-06-15
Robert Larson (robert j larson gmail com) (1 replies)
I'm involved in a discussion with some co-workers concerning forensic
tools and the fact that evidence acquired with some tools is going to
be more accepted in court than others.

Has anyone encountered a situation where evidence extracted with a
particular tool was not accepted?

For example, an ex

[ more ]  [ reply ]
Re: Tools accepted by the courts 2005-06-16
Becky Nelson (cybergirrl gmail com)
Re: Re: Forensic disk duplication modifies the evidence hard disk 2005-06-15
moeeba yahoo com (1 replies)
While HUP provides intellectual stimulation, it is of little consequence when concidering evidence. While there may be atomic differences between the copies, there are no MD5 differences. This is where the focus should be since it is what will convict or set someone free.

I still enjoy the extran

[ more ]  [ reply ]
Mac HD Mounting... 2005-06-16
Ted A (arcturous hotmail com)
RE: Carving deleted messages from PST file remains 2005-06-15
Newsfeeds (kentshaw newsfeeds com) (1 replies)
If the email account was on an Exchange server, you can likely retrieve
these from server backups. Sometimes, it is possible to retrieve deleted
emails messages from the .PST file, if the .PST file has not been compacted,
by intentionally corrupting the file index and then using the Microsoft
Scanp

[ more ]  [ reply ]
Re: Carving deleted messages from PST file remains 2005-06-15
Jeff Lumley (jlumley forfend org)
Re: Carving deleted messages from PST file remains 2005-06-14
Slawek (slawek-c peoplepc com)
Although I don't have an answer to your specific question, i do have a comment.

The WinHex program (forensic edition) does a good job of regognizing and presenting
to you in a preview mode, the content of PST files. The technology WinHex uses is
based on the Outside In Viewer Technology.

Would it

[ more ]  [ reply ]
Re: airtf.exe 2005-06-13
GuidoZ (uberguidoz gmail com)
You could also try a place like VirusTotal to scan it with a handful
of different AVs all at once. It's a free service which I've used a
number of times and have come to like. If you would rather NOT have
the uploaded file distributed to AV vendors automatically, be sure to
click the "Distribute" ic

[ more ]  [ reply ]
Carving deleted messages from PST file remains 2005-06-13
Jyri Hovila (jyri hovila turvamies fi) (1 replies)
Dear all,

I'm investigating a case in which deleted e-mail messages play a
significant role. The suspect has deleted his e-mails from within
Outlook, so that the size of the PST file has shrunk from hundreds of
megabytes to hundreds of kilobytes. The deleted messages are still on
the hard drive

[ more ]  [ reply ]
RE: Carving deleted messages from PST file remains 2005-06-14
Webbrain (webbrain hotpop com)
RE: More on breathalyzers: Only open source forensics can be trusted? 2005-06-13
Keith T. Morgan (keith morgan terradon com)
I believe that part of the sales schpiel for EnCase is that if the
validity of evidence gathered by EnCase is challenged in court, they
will send attorneys to deal with that situation (as needed). I could be
wrong, but I seem to remember that as part of their marketing materials.
And if you think a

[ more ]  [ reply ]
Re: airtf.exe 2005-06-13
manutdfan (manutdfan comcast net)
Luis.
You could also try to upload it to
www.virustotal.com to test it against multiple anti-virus vendors.

[ more ]  [ reply ]
WebJob 1.5.0 Released 2005-06-11
klm uidzero org
Background:

WebJob downloads a program over HTTP/HTTPS and executes it in one
unified operation. The output, if any, may be directed to
stdout/stderr or a Web resource. WebJob may be useful in incident
response and intrusion analysis as it provides a mechanism to run
known good diagnostic

[ more ]  [ reply ]
(Page 26 of 84)  < Prev  21 22 23 24 25 26 27 28 29 30 31  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus