linux_forensics
Messages

Messages 1082 - 1111 of 3157
1082
I am dual booting to a 15 gig hd with Windows 2000 and RH9. I do not use a boot loader, instead I use a bootable floppy. My floppy no longer works and I need...
Jason Fuller
eforensics
Dec 2, 2004
5:09 pm
1083
... Man, I love Debian but always rely on SuSE for these things. Download the boot ISO of the latest distro from an official mirror, for instance here: ...
Luis Gómez
lgomez@...
Dec 2, 2004
5:28 pm
1084
... I'm in total agreement with you Blare, understood you all the way. It's that doubt aspect which should be eliminated for Law Enforcement's standing in...
IanC
devorg
Dec 2, 2004
9:40 pm
1085
I would try booting from the first RH9 install CD. Your CD has to be selected before your hard disk in your computer's boot sequence. If you can get this to...
ingenieroforense
ingenierofor...
Dec 3, 2004
1:38 am
1086
Ian, My theory with this is pull the plug - or in the case of two machines I will be imaging on Monday, that I KNOW will be powered up when I get there, I'll...
The Dog's Bollix
ISXPRO
Dec 3, 2004
3:42 am
1087
Pull the plug. The reason as I understand this is that there are many programs that execute when the system is shutting down that destroy user activity. The...
Melissa Royer
defender03102
Dec 3, 2004
4:23 am
1088
[Non-text portions of this message have been removed]...
Gadi Evron
ge.rm
Dec 3, 2004
3:50 pm
1089
Fri, 3 Dec 2004 17:47:27 From: "madsys" <madsys@...> Reply-To: madsys@... To: "bugtraq" <bugtraq@...>, ...
Gadi Evron
ge.rm
Dec 3, 2004
3:55 pm
1090
... response ... Hi Gadi, AIRT is for analysis of suspected compromised *nix boxes? Cheers, Blare...
blare_sutton
Dec 4, 2004
1:06 am
1091
... I have no idea. I saw it and I figured it might interest some people here. They say it is based on linux, so I suppose it should be? Gadi....
Gadi Evron
ge.rm
Dec 4, 2004
12:35 pm
1092
... LE ... whenever ... In your opinion, should LE perform live system analysis? With regards to powering down dilemma, I'd be more concerned with knocking out...
Enda Cronnolly
endacronnolly
Dec 4, 2004
4:10 pm
1093
... That depends on what you have available as a resource, and the situation of the particular scene. Take a simple crime involving someone with a home...
blare_sutton
Dec 5, 2004
6:23 am
1094
Quoting: "blare_sutton" ... The substantive issue is whether or not LE in Ian's case should have done anything without taking a hash of the drive.... which...
Enda Cronnolly
endacronnolly
Dec 5, 2004
1:55 pm
1095
... No I don't Enda. LE's current methods for analysis should remain the same. I'm only interested in them providing a hash of a drive on the receipt they give...
IanC
devorg
Dec 6, 2004
7:51 pm
1096
In an ideal world, the ideal would be to have a device with write-blocked readers for every form of electron storage media out there that will catch an MD5...
charles.d.sterne@...
simply_persi...
Dec 7, 2004
2:34 pm
1097
Arguably, if you "cut the power" there are many things that you will not be able to KNOW. All contemporary computer systems have the ability to run processes in...
Andrew Rosen
asrdata
Dec 7, 2004
3:45 pm
1098
Yesterday someone handed me an email and asked if I could prove if the message was authentic. I combed through the headers. After an hour I had a pretty good...
Jesse Kornblum
jessekornblum
Dec 7, 2004
9:08 pm
1099
... Why go so far? ...
Gadi Evron
ge.rm
Dec 7, 2004
9:20 pm
1100
RFC 2822, the Internet Message Format and its predecessor RFC 822 both dictate what the headers *should* be and what they *should* contain. Different email...
Jesse Kornblum
jessekornblum
Dec 7, 2004
9:27 pm
1101
Those example headers won't be enough to start with unfortunately. The first step would be to look at the email address and then the first 'received line' for...
IanC
devorg
Dec 8, 2004
12:35 am
1102
I believe you forgot to post your solution to this problem. It might help others in the field if, when you identify an issue, to also post the solution so...
alex@...
sir_llew
Dec 8, 2004
3:28 pm
1103
Herein lies the primary difference between traditional "data forensics" and traditional "Incident Response". A prerequisite to a solution would be the ability...
Andrew Rosen
asrdata
Dec 9, 2004
12:25 am
1104
Andrew, I agree with you. The ICAC Task Force Technology Committee is researching a continuum of acceptable responses based on many factors including...
Flint Waters
flintwaters
Dec 9, 2004
2:50 pm
1105
Hi Flint - Good to see that ICAC is at the fore and considering/examining these things. I've worked on a few cases recently where those avenues were explored...
Andrew Rosen
asrdata
Dec 9, 2004
5:39 pm
1106
It usually isn't as big an issue when dealing with the traveler cases since we find the guy at the burger king with a box of condoms and a teddy bear. It does...
Flint Waters
flintwaters
Dec 9, 2004
7:35 pm
1107
I hope to have the training schedule for 2005 online before the end of next week. There have been several nifty enhancements to the software and the curriculum...
Andrew Rosen
asrdata
Dec 9, 2004
8:32 pm
1108
The team at Vital Data have released the latest version of FoRK (1.0.2) as a pre-Christmas present for everyone in the computer forensics community. The new...
blare_sutton
Dec 10, 2004
2:39 am
1109
Sounds familiar, this is precisely the defence introduced by the "hacker" Aaron Caffrey. The trojan virus that was used to attack the computers of the Port...
echo6
echo6_uk
Dec 11, 2004
12:31 pm
1110
I've a case where the client received an email. He responded to it something like " I love you too " Of course the email he received was a virus infected email...
IanC
devorg
Dec 12, 2004
1:05 am
1111
Folks, Looking for a little help here. Recently, our Task Force had started using digital imaging in some of its drug cases. They stored the photos on a...
Christopher M. Taylor
ctaylor156rpd
Dec 13, 2004
9:26 pm