Forensics Mode:
(Page 4 of 84)  < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >
Patchlevel 2 release open computer forensics architecture. 2007-11-16
Rob Meijer (capibara xs4all nl)
The new 2.0.6pl2 release of the open computer forensics architecture
(ocfa) has been put on sourceforge. The most important patches are:

* More strict configure scripts.
Fixes in configure for 64 bit (suse) platforms.
* Aditional rulelist for SLES 9, to work around the
problem that unzip is com

[ more ]  [ reply ]
Converting an external hard drive enclosure into a write blocker? 2007-11-14
Tom Yarrish (tom yarrish com)
Hash: SHA1

Hey all,
I wanted to find out if there was a method to convert an external
hard drive enclosure into a "cheap" write blocker device? I'm not
looking for something to use from a forensic standpoint. Basically
if I want to put a hard drive into an

[ more ]  [ reply ]
RE: Forensics on Terminal Server Client 2007-11-10
Mike Theriault (Mike_Theriault Jabil com) (1 replies)
It's probably compressed so in that case you probably wont find any header information.

Mike Theriault
Security Enginer

[ more ]  [ reply ]
Re: Forensics on Terminal Server Client 2007-11-13
TheGesus (thegesus gmail com)
CanSecWest 2008 CFP (deadline Nov 30, conf Mar 26-28) and PacSec Dojo's 2007-11-09
Dragos Ruiu (dr kyx net)
I'd like to congratulate Adam Laurie for winning the second Powerbook
from the Pwn_to_Own contest as the prize for the best speaker rated
by the audience for his presentation on RFID at CanSecWest 2007.
We will have a similar prize for the best speaker at CanSecWest 2008,
prize TBD (but we promise i

[ more ]  [ reply ]
Log in as administrator with live data collection CD? 2007-11-07
Matthew Webster (awakenings mindspring com) (1 replies)

I am almost finished creating a live data collection forensic CD, but I've noticed it is slow (20 minutes when it should be 3-5 minutes) when running on computers that are not logged in as administrator. I could use PSexec or runas or something to log in as administrator, but I have a c

[ more ]  [ reply ]
Re: Log in as administrator with live data collection CD? 2007-11-11
Kelly Keeton (kellyrkeeton gmail com)
CFP: 2008 ADFSL Conference on Digital Forensics, Security and Law 2007-11-07
Glenn Dardick (gdardick dardick net)
* * * C A L L F O R P A P E R S A N D P R O P O S A L S * * *
Dear colleagues:

The ADFSL 2008 Conference on Digital Forensics, Security and Law

[ more ]  [ reply ]
Call For Papers - DFRWS 2008 2007-11-06
Baker, Dave (bakerd mitre org)
Call for Papers
The 8th Annual DFRWS Conference (DFRWS 2008)
August 11-13, 2007
Baltimore, MD, USA
dfrws2008 <at> dfrws <dot> org


[ more ]  [ reply ]
In Memoriam: Jun-ichiro Hagino 2007-10-30
Dragos Ruiu (dr kyx net)
With great sadness, I regret to inform you that Itojun
will not be presenting his great knowledge of IPv6 at
PacSec. I have been informed by several sources
that he passed away yesterday.

Funeral services will be held on Nov 7th at Rinkai-Saijo
in Tokyo. There aren't many details of his passing,

[ more ]  [ reply ]
Forensics on Terminal Server Client 2007-10-30
gamgamus yahoo com (1 replies)
Hello all,

I was looking for a tool to view or analize the bcache22.bmc file (Bitmap Caching for Terminal Server Client)

Any help will be very helpfull!



[ more ]  [ reply ]
RE: Forensics on Terminal Server Client 2007-11-05
Sanabria, Adrian (Adrian Sanabria novainfo com)
Re: Cryptcat and Forensics 2007-10-29
forensics mialta com
I will try and post my reply again

You just need to pipe the output of dd straight to cryptcat.

Check out the info here



[ more ]  [ reply ]
Re: Cryptcat and Forensics 2007-10-25
hackman venus dti ne jp
Hi, Matt!!

I've not used Cryptcat for Forensic use but I think that problem is becouse the target drive will be same directory location with a file that you say.

It could be configured other current, isn't it?

I will try them all, too.

Give me a time.

Hiroaki Kondo

Network Security Consu

[ more ]  [ reply ]
Re: file logging 2007-10-25
hackman venus dti ne jp
Hi, List!!

At first, you should not use SMB but use IIS WevDAV file sharerings. That make log more fine.

And secondary, you should do to edit domain policies with OU to prevent from using media connect and copying files to external strages.

Finally, deploy secure contents management system and

[ more ]  [ reply ]
Re: USB devices with internal memory 2007-10-25
hackman venus dti ne jp
Hi, Michael!!

Your opinion is very good to me.

Windows and other OS's architecture take that devices via USB as HID or external disk drives.

And so, this case, I think about it USB as disk controler.

My method is sniff USB traffic using tools just like SnoopyPro-0.22.

Or I check it using di

[ more ]  [ reply ]
Re: Outlook e-mail download period? 2007-10-25
hackman venus dti ne jp
Hi, zoli!!

You can find it out on hdd named "pop3log.txt"

But that is not be set audit by default.

Find it out from M$ support knowledge base;


kbhowto kbinfo KB240347 KbMtja kbmt

kbhowto KB177878 KbMtja kbmt

Hiroaki Kondo

Network Security Consultant in Japan

hackman a venus.d

[ more ]  [ reply ]
Cryptcat and Forensics 2007-10-11
Matthew Webster (awakenings mindspring com)

I am experimenting with setting up a forensics box. I have a linux box with Cryptcat installed. I am creating a windows forensics disk to connect into the forensics box from anywhere. I found how one could copy files using cryptcat, but it requires making a file. Obviously you don't wan

[ more ]  [ reply ]
Outlook e-mail download period? 2007-09-26
kincses zoli (kincses caesar elte hu)
Dear Experts,

where is stored on a Win98 disk the time interval of e-mail download in

is there any log about e-mail download time (e.g. it was automatic or
initiated by user click)?

thank you any useful info in advance,


[ more ]  [ reply ]
Re: Not constant sha1sum 2007-09-17
Paul Vidonne (vidonne vidonne fr)
Hello All,

Thanks for all your good advices. The issue is probably a bad hardware.

File are stored on a EXT3 partition on a server running Linux Fedora.
When I compute with Linux (through ssh, then with server resources)
I have a bad result.
When I compute these same files situated on the same se

[ more ]  [ reply ]
ECU - Australian Security Conferences - CFP Extended until 30th September 2007-09-16
Craig VALLI (c valli ecu edu au)
Hi All
A note to say that the CFP for papers for the 3 security conferences and
the TILC conference is extended until 30th September. Also we are trailling
virtual papers this year @ $300 per paper. You will be reaquired to produce
and submit an accompanying powerpoint/presentation (preferably with

[ more ]  [ reply ]
Re: Not constant sha1sum 2007-09-10
jhill inicom net
If I'm reading your post correctly, you have an entirely Linux system (NOT mounting a remote SMB filesystem) that when you perform a SHA1Sum on a file you're getting different hashes? There are only a few things I can think of that would cause this:

1.) The file is changing but it's unlikely give

[ more ]  [ reply ]
Not constant sha1sum 2007-09-08
LERTI - Paul Vidonne (paul vidonne lerti fr) (4 replies)
Hello all !

Does smb met the following issue : several hash for an
unique file ? Of course a big one (4 GB). OS is Linux
Fedora. File system EXT3 mounted on a SATA RAID-5 on Adaptec

Could you enlighten me ?

Exemple :
[root@spica acquisit]# sha1sum -b 07667-SDH-dd.001

[ more ]  [ reply ]
Re: Not constant sha1sum 2007-09-10
Greg Freemyer (greg freemyer gmail com)
Re: Not constant sha1sum 2007-09-09
Morgan Reed (morgan s reed gmail com)
Re: Not constant sha1sum 2007-09-09
Valdis Kletnieks vt edu
Re: Not constant sha1sum 2007-09-08
Isaac Perez Moncho (suscripcions tsolucio com)
Another Oracle Forensics Paper... 2007-08-16
David Litchfield (david databasesecurity com)
Hey all,
For anyone that's interested I've just posted another paper entitled "Oracle
Forensics Part 6: Examining Undo Segments, Flashback and the Oracle Recycle
Bin". You can get this and other papers on Oracle forensics from
David Lit

[ more ]  [ reply ]
Volatility Framework 1.1.1 (GPL) 2007-08-13
AAron Walters (awalters 4tphi net)

The Volatile Systems team is pleased to announce:

The volatile memory extraction utility framework:
Volatility Framework 1.1.1

The Volatility Framework is a completely open collection of tools, implemented
in Python under the GNU General Public License, for the extraction of digital
artifacts f

[ more ]  [ reply ]
New Oracle Forensics Paper 2007-08-10
David Litchfield (david databasesecurity com)
Hey all,
I've just posted a new paper on Oracle Forensics and my Black Hat
presentation to
The new paper is entitled "Oracle Forensics Part 5: Finding Evidence of Data
Theft in the Absence of Auditing" and explores some of the ideas I discussed

[ more ]  [ reply ]
(Page 4 of 84)  < Prev  1 2 3 4 5 6 7 8 9 10 11  Next >


Privacy Statement
Copyright 2010, SecurityFocus