Forensics Mode:
(Page 29 of 84)  < Prev  24 25 26 27 28 29 30 31 32 33 34  Next >
Re: Looking for a resource 2005-04-21
skill2die4 secguru com
Carvey :

> I'm looking for a forensics community resource (forum, webboard, etc)
> that's about the *exchange* of information. I was wondering if anyone
> on the list could make a recommendation.

Not a forum or webboard but, wikisecure is purely based upon *exchange* of
information on all domains

[ more ]  [ reply ]
Looking for a resource 2005-04-19
H Carvey (keydet89 yahoo com)


Hey, all,

I'm looking for a forensics community resource (forum, webboard, etc) that's about the *exchange* of information. I was wondering if anyone on the list could make a recommendation.

What I'm looking for is a resource dedicated to the exchange of information, where discussions are kept

[ more ]  [ reply ]
Re: fingerprinting servers--md5deep problem 2005-04-12
Jeff Bryner (jbryner1 yahoo com) (1 replies)
--- H Carvey wrote:
> You're probably right about the cause. Have you tried contacting the
> tool's author to see what possible resolutions there may be?

FYI: I'm working with Jesse to troubleshoot this. Nice to find a tool
author who monitors these lists and is responsive to issues! All hail
open

[ more ]  [ reply ]
Re: fingerprinting servers--md5deep problem 2005-04-14
Jesse Kornblum (research jessekornblum com)
DFRWS Paper Submission 2005-04-12
Gary Palmer (palmerg mitre org)
Hello All,

The DFRWS paper submission system is now on-line.
You can access the system in one of two ways:
1 - Go to http://www.dfrws.org and scroll down to Submissions in the
Call For Papers (CFP). The link is posted there
2 - Go directly to http://www.cs.uno.edu/WIMPE/forms/authpaper_reg.html
.

[ more ]  [ reply ]
Computer Security Mexico 2005 2005-04-11
David Jiménez Domínguez (djdsecurity gmail com)
========================================================================

Computer Security Mexico 2005

Palacio de Mineria
May 26th - May 27th, 2005

Mexico City, Mexico

=======================

[ more ]  [ reply ]
Re: fingerprinting servers--md5deep problem 2005-04-08
H Carvey (keydet89 yahoo com)
In-Reply-To: <20050406234211.51457.qmail (at) web51708.mail.yahoo (dot) com [email concealed]>

>My command line is (from the mount point of the smb share):
>smbmount# md5deep -r -l -of WINNT/* >> output.md5deep.txt
>
>Seems like it's hitting files that the server is changing or has
>locked. How do I work around this?

You're

[ more ]  [ reply ]
Re: fingerprinting servers--md5deep problem 2005-04-07
Jeff Bryner (jbryner1 yahoo com) (2 replies)
--- Tom Stowell <> wrote:
> Booting from a Knoppix CD is a way to work around the immediate
> symptom

Should have said in the first post that I'm aware of this option; but
I'm working on live servers that need to stay up.

I'm less concerned about 'missing' files that are bound to change
(appevent

[ more ]  [ reply ]
Re: fingerprinting servers--md5deep problem 2005-04-09
Jesse Kornblum (research jessekornblum com)
RE: fingerprinting servers--md5deep problem 2005-04-08
Jerry Shenk (jshenk decommunications com)
Re: Destroying filesystems 2005-04-07
Maurizio Trinco (maurizio_trinco yahoo com) (1 replies)
--- Valdis.Kletnieks (at) vt (dot) edu [email concealed] wrote:
> As a matter of fact, it's *not* quite redundant and
> obvious - it's *very*
> possible for the filesystem to be recovered to a
> consistent point, but the data
> be gone.
Sorry, but that was not the point in my case. Let me
reformulate the whole thing:

a) I'm lo

[ more ]  [ reply ]
Re: Destroying filesystems 2005-04-08
Brian Carrier (carrier cerias purdue edu)
Re: fingerprinting servers--md5deep problem 2005-04-07
Tom Stowell (jts deforest k12 wi us)
Booting from a Knoppix CD is a way to work around the immediate symptom, but the problem is that many of those files change constantly. I've yet to find an acceptable workaround to those locked files while fingerprinting a live system.

I'm actually working on a related project at the moment:

I'm u

[ more ]  [ reply ]
RE: fingerprinting servers--md5deep problem 2005-04-07
Reava, Jeffrey (jeffrey reava pfizer com)
Windows locks the registry files such as "WINNT/system32/config/default"
by design, so you won't be able to fingerprint them from a 'live'
machine.

They're also volatile, so without a more sophisticated solution such as
TripWire, you probably won't be able to account for the normal changes
that wil

[ more ]  [ reply ]
fingerprinting servers--md5deep problem 2005-04-06
Jeff Bryner (jbryner1 yahoo com) (3 replies)
I'm attempting to get a fingerprint of servers prior to putting them
into production (ports and file hashes) for use later if the servers
are compromised.

For file hashes I'm using md5deep on linux over an smbmount to a
windows server and keep running into this message on several files:

md5deep:

[ more ]  [ reply ]
RE: fingerprinting servers--md5deep problem 2005-04-08
Brian J. Bartlett (shadowjack compuserve com)
Re: fingerprinting servers--md5deep problem 2005-04-07
Ryan B. Lynch (rlynch bway net)
Re: fingerprinting servers--md5deep problem 2005-04-07
Bryan Hatter (bryan madhatter gmail com)
Re: how to simulate/insert a hard drive (physical) bad block error? 2005-04-05
cas maine rr com
If it's a FAT partition, the way to mark a sector as bad would be to use a disk editor to edit the FAT and enter the value FFF7 in both copies of FAT.

----- Original Message -----
From: Chris Harrison <chrisharrison.com.au (at) gmail (dot) com [email concealed]>
Date: Tuesday, April 5, 2005 9:11 am
Subject: Re: how to simulate

[ more ]  [ reply ]
Re: Destroying filesystems 2005-04-05
Maurizio Trinco (maurizio_trinco yahoo com) (2 replies)

--- Richard Bond <rbond (at) gs.washington (dot) edu [email concealed]> wrote:
> Or change the partition type, Boot a linux cd

As I was saying, I'd like to do this from within the
system, not by booting something else (it's going to
be a forensic exercise for my class and I want to keep
it as real as possible, to have an app

[ more ]  [ reply ]
Re: Destroying filesystems 2005-04-07
Valdis Kletnieks vt edu
RE: Destroying filesystems 2005-04-06
Evidence Technology (le evidencetechnology net)
RE: Destroying filesystems 2005-04-04
Beauford, Jason (jbeauford EightInOnePet com)
Something like this:

http://dban.sourceforge.net/

jmb

-----Original Message-----
From: Maurizio Trinco [mailto:maurizio_trinco (at) yahoo (dot) com [email concealed]]
Sent: Monday, April 04, 2005 10:03 AM
To: forensics (at) securityfocus (dot) com [email concealed]
Subject: Destroying filesystems

Hi,

Can anyone recommend a couple of utilities that w

[ more ]  [ reply ]
Destroying filesystems 2005-04-04
Maurizio Trinco (maurizio_trinco yahoo com) (2 replies)
Hi,

Can anyone recommend a couple of utilities that would
destroy[1] the filesystem[2] *from within*[3] the OS,
in order to simulate as realistically as possible a
situation where one would need to do incident handling
and forensic data recovery?

___________________________________________________

[ more ]  [ reply ]
Re: Destroying filesystems 2005-04-05
Alexander Klimov (alserkli inbox ru)
Re: Destroying filesystems 2005-04-05
Peter Parker (peterparker fastmail fm)
(Page 29 of 84)  < Prev  24 25 26 27 28 29 30 31 32 33 34  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus