Re: recovery/forensics of NTFS encrypted folder.
2007-01-03 Chetan Gupta (chetan gupta niiconsulting com) (1 replies)
Dear Richard, I haven't tried it yet but should be worth trying out. Let me tell you my understanding of how EFS works. When a user encrypts a file using EFS for the first time, then a public/private key pair is generated and a FEK (File Encryption Key) is generated. This FEK is a symmetric key [...]

RE: jetdirect log files
2007-01-02 Bobby Smathers (bsmathers reypd com) (1 replies)
Check the system log of the computer/server that the queue is set up on. Depending on when and how much logging you have enabled on the event logs, you will find it there.
-----Original Message-----
From: listbounce (at) securityfocus (dot) com [mailto:listbounce (at) securityfocus (dot) com] On Behalf Of jefklak
Sent: [...]

Re: recovery/forensics of NTFS encrypted folder.
2007-01-02 levinson_k securityadmin info (1 replies)
I believe cracking EFS encrypted files is not going to be likely here, unless you were able to somehow recover the deleted user profiles from the wiped version of Windows from the disk, from the domain (if it was joined to a domain) or from a backup. How exactly was the disk "wiped?" Good informat [...]

jetdirect log files
2007-01-01 jefklak (jefklak hotmail com) (1 replies)
I have a network printer connected to a HP jetdirect module. I need to find out who printed some files lately. How can I retrieve the log files from the module? Thanks.
-- View this message in context: http://www.nabble.com/jetdirect-log-files-tf2904359.html#a8114092 Sent from the Security - Foren [...]

recovery/forensics of NTFS encrypted folder.
2006-12-31 Rikard Johnels (rikard j rikjoh com) (2 replies)
I have a drive where I need to investigate one encrypted folder full of equally encrypted files. (XP default type encryption of files/folders) The original system disk is unavailable due to a wipe, so the key is lost. Is there any way to rebuild the files to make an investigation possible? -- [...]

Re: recovery/forensics of NTFS encrypted folder.
2007-01-02 Chetan Gupta (chetan gupta niiconsulting com) (1 replies)

Re: recovery/forensics of NTFS encrypted folder.
2007-01-04 farmerdude (subscribe crazytrain com) (1 replies)

Re: recovery/forensics of NTFS encrypted folder.
2007-01-02 Bhushan Shah (bhushan niiconsulting com)

CarvFs fixed to work with latest releases sleuthkit/scalpel/libewf (in-place/zero-storage carving)
2006-12-29 Rob Meijer (rmeijer xs4all nl)
The new 0.2.1 release of CarvFs ( http://ocfa.sourceforge.net/libcarvpath/ ) now comes with a script (scalpelcp) that makes it work in conjunction with the preview mode (the -p option) of scalpel. This script can be used to populate the scalpel output dir with symlinks to the proper carvfs pseudo f [...]

CFP: 2007 Conference on Digital Forensics, Security and Law
2006-12-26 Glenn Dardick (gdardick dardick net)
ADFSL 2007 Conference on Digital Forensics, Security and Law
DEADLINE: CALL FOR PAPERS AND PROPOSALS - December 31, 2006
VENUE: Arlington, Virginia USA on April 18-20, 2007
[...]

Hachoir: framework to parse binary files
2006-12-22 victor stinner haypocalc com
Hi, for one year I've been working on a framework written in Python to parse any binary file. Some features:
* Autofix: Catch any parser error and fix them as soon as possible
* Lazy: Field value, size, description, absolute address, (...) are computed on demand
* No arbitrary limit on addresses, field [...]

Re: Mount a .bin file in Linux
2006-12-22 norman sandbox gmail com
If it were just an iso, you shouldn't have had a problem with the mount. A Windows partition has an offset of 32256 according to the Anti-Hacker Toolkit. You can do the following:
losetup -o 32256 /dev/loop0 /media/test
mount -o ro /dev/loop0 /media/recovery
ls /media/recovery
Alex Klimov's advice [...]

Many bugfixes Open Computer Forensics Architecture.
2006-12-21 Rob J Meijer (rmeijer xs4all nl)
The Open Computer Forensics Architecture (OCFA) project just released a new version with many bug fixes. http://sourceforge.net/projects/ocfa/ The Open Computer Forensics Architecture is a modular computer forensics framework running on Linux. The project aims to be highly modular, robust, fault t [...]

Re: Disk drive without a partition table?
2006-11-22 Greg Freemyer (greg freemyer gmail com)
Brian, Thanks for the pointer. gpart found my missing partition and I now have it mounted. Greg
On 11/20/06, Brian Carrier <carrier (at) digital-evidence (dot) org> wrote:
> You could use tools such as gpart or testdisk to search the drive for
> file system signatures to determine if there are file systems [...]

Re: Tracking moved files?
2006-11-08 bsmathers reypd com
This is all done within the registry and not a log file unless some third party synchronization software was used. There are unique descriptors created for each device that lists information like what kind of device it is, number of endpoints, etc. You can read more about descriptors here: http:// [...]

RE: Recovery data after 57+ formats - fact or fiction??
2006-11-10 Gavin, Michael (mgavin forrester com)
Hi Michael, About a week after I sent my previous response to both you and the forensics mailing list, I got notification that it wasn't approved for the forensics list; I have no idea why not. Hopefully you received it, but it is included below in any case. Anyway, I came across the following tod [...]

Re: Data Recovery
2006-11-11 Butterworth, Jim (jim butterworth guidancesoftware com)
I've watched this topic ebb and flow for quite some time and I've often wondered if anyone has ever taken a test drive, placed a "sensitive" file on it, either a string of ascii or a whole file, overwritten the drive, and tasked another person to find it using currently available open source or comme [...]

RE: Recovery data after 57+ formats - fact or fiction??
2006-11-10 Gavin, Michael (mgavin forrester com) (1 replies)
Not 57+, but how about 21? I just stumbled upon an article that states: "There are rumors that government agencies have the capability to recover data that has been overwritten as many as 21 times." This is a SANS GSEC article originally published on 7/21/2001, and updated on 6/12/2006, titled "S [...]

Re: Recovery data after 57+ formats - fact or fiction??
2006-11-11 Simson Garfinkel (simsong acm org)

Zero-storage carving
2006-11-09 Rob J Meijer (rmeijer xs4all nl)
For those of you interested in zero-storage carving, libcarvpath and carvfs now provide a simple means to patch zero-storage carving into carving tools. http://ocfa.sourceforge.net/libcarvpath/ A patch to the sleuthkit is included with carvfs that includes zero-storage carvpath versions of mmls, [...]

SDFOST - Call for Papers
2006-11-08 henry cs fsu edu
The First International Workshop on Spoofing, Digital Forensics and Open Source Tools (SDFOST), in conjunction with ARES-2007 -- The Second International Conference on Availability, Reliability and Security. The conference will be held at the Vienna University of Technology (TU) in Vienna, Austria on [...]