Forensics
(Page 14 of 84)
Re: Anyone know of a free Gutmann file deletion tool for Windows which can run from removable media? 2006-06-14
Simson Garfinkel (simsong acm org)


Hi. For starters, I strongly advise you not to use the Gutmann
patterns. They're overkill, they take up too much time, and as a
result, many people don't sanitize media that they should be sanitizing.

DBAN works really well (dban.sourceforge.net).
Eraser also works really well. I don't under

Recommendations for hardware for imaging external drives 2006-06-14
Michael Edwards (medwards digital-legal com)
Greetings to the list -

I'm wondering what folks use, or would recommend, for imaging
external drives in the field. I am currently using a Solo III
Forensic for imaging drives, and it has been a pleasure so far when
imaging IDE, SATA and SCSI drives. It does have a few quirks, but
generally is

Anyone know of a free Gutmann file deletion tool for Windows which can run from removable media? 2006-06-06
Robertson, Seth (JSC-IM) (Seth Robertson-1 nasa gov) (1 replies)
Here's a brief history of what I tried and how each solution hasn't fit
my requirements. I considered the Forensics Acquisition Utilities wipe
but it's a one-pass wipe intended only for full sanitization but not
data destruction. From what I can tell, Berke Durak's wipe
(http://abaababa.ouvaton.org

Forensic memory dumping intricacies - PhysicalMemory, DD, and caching issues 2006-06-01
Arne Vidstrom (arne vidstrom ntsecurity nu)
Summary:

Memory dumping tools that use the PhysicalMemory device in Windows XP
can be blocked by allocating memory buffers with special memory types.
In older versions of Windows the tools instead could possibly cause
cache incoherence with some processor types, or other adverse side
effects. T

Results from recovering files from RAID 0 set 2006-05-31
pentesticle yahoo com
Hey list,

I wanted to thank everyone for their helpful responses to my previous question and wanted to give a reply as to how things worked out.

I was able to recover the RAID 0 set in full including the MBR. Granted the data is not presentable in court due to the unknowing person

analyzing pagefile.sys 2006-05-30
Stefan Kelm (stefan kelm secorvo de) (3 replies)
Folks,

are there tools other than grep, strings, etc. that
allow me to analyze a windows swap file (pagefile.sys)?

Cheers,

Stefan.

--------------------------------------------------------
Stefan Kelm
Security Consultant

Secorvo Security Consulting GmbH
Ettlinger Strasse 12-14, D-76137 Karlsruh

RE: analyzing pagefile.sys 2006-06-02
A.Hakan EKIZER (turkishcybercop gmail com)
Re: analyzing pagefile.sys 2006-06-02
Eagle Investigative Services, Inc. (info eaglepiservices com)
RE: analyzing pagefile.sys 2006-06-02
Anatoly Alexei Pedemonte Ku (apedemonte gmail com)
ebankingsecurity - updated sections 2006-05-29
Dr Anwar (noreply ebankingsecurity com)
Dear All

I would like to inform everyone that we have added the following sections
to ebankingsecurity.com which provide some useful information to all:

1. Forensics
2. Design Principle.
3. News section

We will soon be adding a new section on a new Risk Management Internet
Bank application as cur

FW: SMART disk images 2006-05-19
David Harper (david harper thermon com)


-----Original Message-----
From: Jason Conley, CPP, CCE [mailto:newsgroups (at) digitalforensics (dot) ca]
Sent: Wednesday, April 26, 2006 9:51 PM
To: 'Chad W. Davis'; forensics (at) securityfocus (dot) com
Subject: RE: SMART disk images

Chad - FTK Imager will. And it's free!

Cheers, Jason

Jason Conley, CPP, CCE

Prelink and changed files on Linux 2006-05-19
Pfeilsticker, Martin (Martin Pfeilsticker colt net)
Hello,

During an incident, we discovered that some Linux binaries (ls, ps,
etc.) are changing in size and md5sum over time,
even on a fresh install. This was noticed on a fresh clean install of
Redhat Enterprise 4, but other systems could be affected as well.

At first we suspected malicious activ

Analyzing disc 2006-05-18
zoraya nerdshack com (1 replies)


Is there any feasible way of analysing a disk that has the whole Operating
System encrypted,
using Compusec?

http://www.ce-infosys.com.sg/CeiNews_FreeCompuSec.asp

There is no USB token only a password, unless there is a backdoor and the
company is
willing to facilitate it, it seems unlikely

RE: Analyzing disc 2006-05-19
Omar A. Herrera (omar herrera oissg org)
DIMVA 2006 - Call For Participation 2006-05-17
thomas suse de (Thomas Biege)


Sorry, if you receive multiple copies of this Call for Participation.

======================================================================
CALL FOR PARTICIPATION
======================================================================
######## Early Bird Rates available

e-crime and computer evidence 2006 conference 2006-05-15
Angus Marshall (angus n-gate net)
Reminder - the final deadline for submissions for ECCE2006 is Monday 22nd May.

Full details of the Call for Papers & Venue are at the conference website :
http://www.ecce-conference.com/

General topic areas include : forensic techniques, legal issues,
criminological issues, evidence presentation

Re: Tracking moved files? 2006-05-12
Bill Wittmer (wr wittmer1 verizon net)

"Bill Wittmer" <wr.wittmer1 (at) verizon (dot) net> wrote in message news:...
If you think this is an ongoing problem and a security issue you
could monitor the data flow in the future to the USB Device with USBSnoop
http://sourceforge.net/projects/usbsnoop. This software logs the data flow
bet

RE: cmd.exe hack 2006-05-12
Beauford, Jason (jbeauford EightInOnePet com)
Wim Remes wrote:
> James,
>
> you should do this through the at command in a command prompt.
> Through the GUI you're required to submit a user. This is no
> requirement for the at command.
>
> syntax :
> C:\>at 21:31 cmd.exe
>
> This is not a 'real hack' since you already need sysadmin rights

RE: cmd.exe hack 2006-05-12
Brian Azzopardi (brian gfi com)

Google for cmdasuser.exe. Then from the commandline: cmdasuser localsystem

-----Original Message-----
From: Wim Remes [mailto:Wim_Remes (at) msp (dot) be]
Sent: Thursday, May 11, 2006 8:50 PM
To: James Zaros
Cc: forensics (at) securityfocus (dot) com
Subject: RE: cmd.exe hack

James,

you should do this through the a

Question on CD-ROMs and Cache 2006-05-12
Sol Invictus (sol haveyoubeentested org) (1 replies)
Hypothetical question here.

If we have a CD with multimedia on it. We have reason to believe that
it was accessed on a certain PC. What type of evidence would we find on
the PC running XP Service Pack 2?

Am I right on the following?

1. If a graphics directory is displayed using thumbnails.

Re: Question on CD-ROMs and Cache 2006-05-12
Tim (tim-forensics sentinelchicken org)
RE: cmd.exe hack 2006-05-11
Wim Remes (Wim_Remes msp be)
James,

you should do this through the at command in a command prompt. Through the GUI you're required to submit a user. This is no requirement for the at command.

syntax :

C:\>at 21:31 cmd.exe

This is not a 'real hack' since you already need sysadmin rights to perform this action.

--

Copyright 2010, SecurityFocus