Alan, I would take a look at this class: SANS Security 606: Drive and Data Recovery Forensics <http://www.sans.org/training/description.php?mid=1237>. I have...
Stacey -- The described *simple data recovery* is a very risky procedure if the evidence in the information recorded on the hard drive is truly important. Why...
Steve Fowler
sfowler@...
Aug 25, 2009 7:16 pm
3130
Steve,
My actual background is Data Recovery, as is that of some of the best forensic experts out there. Before there even was a computer forensics field,...
Daniel, Adam (AU - Sy...
addaniel@...
Aug 27, 2009 10:57 pm
3131
I think her point was more along the lines of pointing out that you can try to 'recover' data using common tools like dd-rescue or targeted file copies and if...
... Alan, All the comments you've gotten so far are on point. If what you're looking for is low cost or no cost tools you're in for a rude awakening. Most of these...
Hi, I had a Debian Lenny machine in our office lab back in July. I let one of my coworkers log in to it, and he subsequently left the company later that month....
Hi Mike, Depending upon the underlying file system you could have a bit of work ahead of you. The link below describes the structure and detailed information...
The Register - LinuxCon 2009: Does Linux desktop even need to be popular? There are, shall we say, differing options among the open source cognoscenti gathered...
Hello, I am new to this field. I am trying to learn my way into the world of computer forensics, and as such, I have a "real-world" need for the tools...
The fastest/easiest way to do it will just be to power down the machines, put the hard drives in the Debian machine and use dd. Putting all the drives on the...
Hello Gents, Maybe I am not seeing the proverbial "Schwartz" here, but once you have the image how are you going to go about and try and find the key logger?...
Don, if I were you I would start your adventures at http://www.linuxleo.com and read the introductory guide available there! It will give you some answers but...
... I must admit I was thinking of the same thing. Are you going to examine your machines for evidence of malware? You mention that you want to see if...
I'd suggest using some basic timeline analysis to see what that turns up. If there is a file being written to log keystrokes, it should light up in a timeline....
... Don, The important part is to get an image as early as possible. I wouldn't worry too much about the method you use to image. There has been...
Hi All, Recently I came across a Firefox plug-in named Tamper Data. And during its trial run I found that it is easy to tamper even encrypted data using this ...
Jacques, Thank you for the honest response and warnings. I realize there are some real issues with trying to hunt this down, however, since I have been...
Although I normally don't top post, I suspect that is probably more practical in your case. Not sure if the accessibility software properly skips to the...
Hi farmerdude, I am looking for a feature in web server that is it possible to IDENTIFY about status of data. I mean whether it is system/browser...
Hi all, Please forgive the cross-posting. I am trying to find any information on MS office metadata, and how to extract it. Is there a spec available for...
Payne Consulting's Metadata Assistant for versions of Office prior to 2007. Make sure that you have Office 2003 installed not Office 2007 and don't convert...
If you are into Perl programming, look at Harlan Carvey's Perl mod File::MSWord and see: http://windowsir.blogspot.com/2006/09/metadata-and-ediscovery.html you...
I use libextractor for traditional MS Office files and custom-written tools for the XML-based file formats. You may also find this interesting: Garfinkel, S.,...
Hi, folks! What ssdeep hashset do you use to sort/filter a forensic image? NSRL doesn't have it, yeah? []s -- Tony Rodrigues, CISSP, CFCP Forense...
Today was born Caine 1.0, new tools, new mounting policies (safer), new patch....enjoy it! http://www.caine-live.net/ bye ... Dott. Nanni Bassetti Consulente...