Forensics Mode:
(Page 33 of 84)  < Prev  28 29 30 31 32 33 34 35 36 37 38  Next >
REVIEW: "Windows Forensics and Incident Recovery", Harlan Carvey 2005-03-07
Rob, grandpa of Ryan, Trevor, Devon & Hannah (rslade sprint ca)
BKWNFOIR.RVW 20041224

"Windows Forensics and Incident Recovery", Harlan Carvey, 2005,
0-321-20098-5, U$49.99/C$71.99
%A Harlan Carvey
%C P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario M3C 2T8
%D 2005
%G 0-321-20098-5
%I Addison-Wesley Publishing Co.
%O U$49.99/C$71.99 416-4

[ more ]  [ reply ]
Re: Acquiring Large Raids 2005-03-07
Michael Cohen (michael cohen netspeed com au)
Hi List,
Handling raid arrays is not as scarey as it used to be:

http://pyflag.sourceforge.net/Documentation/articles/raid/reconstruction
.html

You can now operate directly on the array without the need to
reassemble it first... I usually image each disk using whatever makes
sense (logicu

[ more ]  [ reply ]
Autopsy vs. FTK 2005-03-04
Greg Freemyer (greg freemyer gmail com) (2 replies)
My company uses FTK as it's normal analysis tool, but we image in Linux.

One of the main reasons we use FTK is the indexed search capability,
but we all know FTK has had stability issues in the past.

I went to a SMART lecture Wed. and was told that SMART does not have
an indexed search capability,

[ more ]  [ reply ]
Re: Autopsy vs. FTK 2005-03-07
Brian Carrier (carrier sleuthkit org)
Re: Autopsy vs. FTK 2005-03-07
subscribe (subscribe crazytrain com)
RE: Acquiring Large Raids 2005-03-04
Andrew Shore (andrew shore holistecs com)
You may want to look at SAN technologies for such large data

www.emc.com should be a good start.

-----Original Message-----
From: Gosalia, Veeral [mailto:veeral.gosalia (at) fticonsulting (dot) com [email concealed]]
Sent: 04 March 2005 15:39
To: forensics (at) securityfocus (dot) com [email concealed]
Subject: Acquiring Large Raids

What are everyone t

[ more ]  [ reply ]
RE: Acquiring Large Raids 2005-03-04
Greg Kelley (gkelley vestigeltd com)
Imaging each drive separately should not damage the RAID. If you are
using the proper devices your machine will not write to the RAID while
imaging it.
Realize that if you do image each drive separately, you cannot let the
machine run (I'm assuming its mirrored or striped and therefore allows
you t

[ more ]  [ reply ]
Acquiring Large Raids 2005-03-04
Gosalia, Veeral (veeral gosalia fticonsulting com) (2 replies)
What are everyone thoughts/approaches on acquiring large raid arrays?

For example how do folks approach imaging a 1 Terabyte raid array
consisting of SCSI drives. I am somewhat reluctant of imaging each drive
separatly given the risk of damaging the raid. I generally prefer
inserting in a PCI IDE c

[ more ]  [ reply ]
Re: Acquiring Large Raids 2005-03-04
Greg Freemyer (greg freemyer gmail com)
Re: Acquiring Large Raids 2005-03-04
Volker Tanger (volker tanger wyae de)
New additions to E-evidence.info 2005-03-02
Christine Siedsma (csiedsm utica edu) (1 replies)
Greetings all!

I've just updated the E-Evidence.info site, and you can view all of the
new additions at http://www.e-evidence.info/new.html

Alot of great new resources.
Also, if you haven't visited the site in a while, last month, a page
dedicated to Cell Phone Forensics was added -
http://www

[ more ]  [ reply ]
Re: New additions to E-evidence.info 2005-03-04
Lance James (lancej securescience net)
RE: Recovering file slack 2005-03-02
OFD Land Schreiber, Dennis (DSchreiber ofdst thueringen de)
>Sleuthkit (www.sleuthkit.org) has this capability, as well as
>the ability to recover unallocated space. It's freeware.

Autopsy (www.sleuthkit.org/autopsy/index.php) is a GUI for the
Sleuthkit and also Open Source.

Sleuthkit and Autopsy can used on Windows (with CygWin) and Linux.

D. Schreibe

[ more ]  [ reply ]
eBanking Security Forensics Methodology Released 2005-03-01
peter ebankingsecurity com
Hello

A new ebanking security forensics methodology has been released on
www.ebankingsecurity.com

This work focuses on practical forensics security approaches and implementations
and is based on real world experience.

There is an option on the site to download this as a PDF.

The methodology c

[ more ]  [ reply ]
Recovering file slack 2005-02-24
Nick Puetz (nickpuetz yahoo com) (5 replies)


Does anyone know some good tools for recovering file slack? I have looked at tools such as GetSlack and M-Sweep, but was wondering if there are any other good tools available (preferable freeware tools). Thanks.

-----------------------------------------------------------------
This list is prov

[ more ]  [ reply ]
Re: Recovering file slack 2005-03-01
Chris Reining (creining packetfu org)
Re: Recovering file slack 2005-02-28
David Smith (david8igore hotmail com)
Re: Recovering file slack 2005-02-25
Philip Craiger (philip craiger gmail com)
Re: Recovering file slack 2005-02-25
Michael Cecil (macecil comcast net)
RE: Recovering file slack 2005-02-25
Jerry Shenk (jshenk decommunications com)
Re: SHA1 showing it's age 2005-02-22
bkfsec (bkfsec sdf lonestar org)
Kevin.M-ctr.Shannon (at) faa (dot) gov [email concealed] wrote:

>
> Barry,
>
> Your quoted conversation is hilarious.
> I think that I had the exact same conversation, regarding duplicate
> hashes, with a peer when I was in college.
> And it ended something like this...
>
> "Yeah, theoretically you could have a duplicate ha

[ more ]  [ reply ]
RE: SHA1 showing it's age 2005-02-20
Surago Jones (surago sjones co nz)

Heres my 2 cents worth when thinking about the possibilities of
modifications to hashed files, or images...

>H Carvey wrote...

>You're correct...what are the chances that an arbitrary file can be
>constructed to have both the same MD-5 and SHA-1 hashes as the file
it's >replacing, be the same siz

[ more ]  [ reply ]
(Page 33 of 84)  < Prev  28 29 30 31 32 33 34 35 36 37 38  Next >


 

Privacy Statement
Copyright 2010, SecurityFocus