Forensics Mode:
(Page 16 of 84)  < Prev  11 12 13 14 15 16 17 18 19 20 21  Next >
SMART disk images 2006-04-19
Chad W. Davis (chad davis backbonesecurity com)
Does anyone know of any good applications that will create SMART images of

Chad W. Davis, CCE
Computer Security Engineer
Backbone Security.Com
320 Adams Street, Suite 105
Fairmont, WV 26554
Tel: 304-333-2028
Fax: 304-366-9163

Steganography Analysis and Resear

[ more ]  [ reply ]
RE: Analysing a Windows registry from Linux or another Windows system 2006-04-18
Greg Kelley (gkelley vestigeltd com)
I've used AccessData's Registry Viewer and Encase. I'm sure there are other applications out there. I also believe you can open the files from a working Windows computer using the Registry Editor (regedit.exe).

Greg Kelley, EnCE
Vestige Digital Investigations
Computer Forensics | Electronic Disco

[ more ]  [ reply ]
wipe patterns 2006-04-20
sec mail (s3c mail gmail com)

Has anyone come across wipe patterns such as these on a Windows host


83977Uabcdefghijklmnopqrstuvwxy z






[ more ]  [ reply ]
Re: Analysing a Windows registry from Linux or another Windows system 2006-04-20
nickpuetz yahoo com
Right now, there are not too many (if any) freeware tools available to view the registry. Pay tools such as Encase or FTKs Registry Viewer are probably your best option.

[ more ]  [ reply ]
RE: Analysing a Windows registry from Linux or another Windows system 2006-04-17
Bobby Smathers (bsmathers reypd com)
Keep in mind:

Registry files can't be read with standard text editors.
USER.DAT file corresponds to HKEY_LOCAL_USER

HKEY_LOCAL_MACHINE is the hive where the information specific to the machine will be stored. The information may include, network setting

[ more ]  [ reply ]
Re: RE: Problem using dd to clone a hard disk with bad sectors. 2006-04-17
forensics peoplepc com
SOS by DTEC is a Sector by Sector Image based application. It will copy every part of the suspect drive to another HDD or multiple DVD or CD. You can learn more about it at I have used this application on many of my suspect drives and have had no problems with it. The company ass

[ more ]  [ reply ]
MBR deleted 2006-04-17
jgmarec gmail com
Hi everybody,

I deleted by error the MBR of my hard disk. When it happens, I though that I could repair it making FDISK /MBR instruction, but I'm wrong. And now I have a hard disk that appears as not partitioned (I had 3 partitions) and where I can't do anything.

I saw in the Internet some utiliti

[ more ]  [ reply ]
Call for Papers DFRWS 2006 Reminder 2006-04-14
Baker, Dave (bakerd mitre org)
Just a note to remind you that the CFP for the Digital Forensic
Research Workshop 2006 will end on 21 April (one week from today).
For details on the CFP or DFRWS 2006, go to:

Hope to see you at DFRWS 2006.

[ more ]  [ reply ]
Analysing a Windows registry from Linux or another Windows system 2006-04-11
Rikard Johnels (rikard j rikjoh com) (2 replies)
I have been set to analyse two windows registry files from a compromised Win98
system. All i am given is the user.dat and system.dat files from the
recovered disk.

How can i read these files and recover data from them?
Especially we need the ISP settings (Modem. It has no network card) to

[ more ]  [ reply ]
Re: Analysing a Windows registry from Linux or another Windows system 2006-04-17
Ansgar -59cobalt- Wiechers (bugtraq planetcobalt net)
2006 Digital Forensic Research Workshop 2006-03-29
Baker, Dave (bakerd mitre org)
Third try to get this posted on the list...

The call for papers for the 2006 DFRWS is located at:

The 6th Annual Digital Forensic Research Workshop (DFRWS 2006)
August 14-16, 2006
Purdue University
Lafayette, Indiana, USA

The purpose of this worksh

[ more ]  [ reply ]
ForensicsWiki.Org 2006-03-29
Simson L. Garfinkel (simsong acm org)
The Forensics Wiki ( has been slowly growing
since we first brought it online. There's a growing amount of content there
regarding forensic tools, file systems, formats, forensic service companies,
and other information.

All readers of this list are invited to click

[ more ]  [ reply ]
Re: changing file access times 2006-03-27
bsmathers reypd com
Here are a few, although I haven't used them:

febooti fileTweak



[ more ]  [ reply ]
Conference on Digital Forensics - April 20-21, Las Vegas 2006-03-25
Glenn Dardick (gdardick dardick net)
Dear colleagues:

I invite those of you with an interest in the curriculum and research of
Digital Forensics, as well as its relationship to Information Assurance
and Law, to attend the Conference on Digital Forensics 2006 as follows:

Conference on Digital Forensics 2006
April 20-21, 2006

[ more ]  [ reply ]
changing file access times 2006-03-21
Stefan Kelm (stefan kelm secorvo de) (4 replies)

are there any tools other than NirCmd which allow me to change
last_write_time, creation_time or last_access_time of any given
NTFS file?



Stefan Kelm
Security Consultant

Secorvo Security Consulting GmbH
Ettlinger Stra

[ more ]  [ reply ]
RE: changing file access times 2006-03-23
Maxime Ducharme (mducharme cybergeneration com)
Re: changing file access times 2006-03-22
Ansgar -59cobalt- Wiechers (bugtraq planetcobalt net)
RE: changing file access times 2006-03-28
Stefan Fleischmann (mail x-ways com) (1 replies)
RE: changing file access times 2006-03-28
Matthew Mucker (Matthew Mucker microsoft com)
Re: changing file access times 2006-03-23
Technica Forensis (forensis technica gmail com)
CanSecWest/core06 Vancouver April 3-7 2006-03-08
Dragos Ruiu (dr kyx net)
The call for papers is now closed and the proposals have been reviewed
for the CanSecWest/core06 Applied Technical Security Conference held
on April 5-7 2006 at the Mariott Renaissance Harbourside in Vancouver,
B.C. Canada.

The selected submissions are :

An hour of Rap and Comedy about SAP - St

[ more ]  [ reply ]
RE: IE temporary files of wbk###.tmp 2006-03-07
Bobby Smathers (bsmathers reypd com)
Outlook Express created files. When OE creates a zero byte file for every message read, it also creates a wbkxx.tmp along with it each time. 1 for each message just read along with a time stamp of when it was read. Them I believe they are also created each time "save" is used when working on a new e

[ more ]  [ reply ]
Windows physical memory analysis 2006-03-05
keydet89 yahoo com

[ more ]  [ reply ]
IE temporary files of wbk###.tmp 2006-03-03
Glenn Dardick (gdardick dardick net)
Does anybody know what IE temporary files of the format wbk###.tmp may be associated with? The ### is a number, but might also be hexadecimal - not just 0-9.

 Glenn S. Dardick, Ph.D.
 804-680-3038 (FAX)
 gdardick (at) dardick (dot) net [email concealed]
 Assistant Professor of Information Systems
 Longwood Uni

[ more ]  [ reply ]
Call for Papers 2006-03-01
Peter Stephenson (prstephenson comcast net)
Hash: SHA1


New in 2006, the Journal of Digital Forensic Practice is a knowledge
resource for practitioners of digital investigation, digital forensic
electronic fraud investigation, and cyber crime and cyber terror
investigation and analysi

[ more ]  [ reply ]
(Page 16 of 84)  < Prev  11 12 13 14 15 16 17 18 19 20 21  Next >


Privacy Statement
Copyright 2010, SecurityFocus