You may or may not have noticed, but some changes have taken place over the weekend. The complete list archives have been obtained (thanks to all who...
I'm thinking of splitting up my evidence files (some in excess of 20G) and burning them to DVD. I know I can divide them up easily using dd, however, my...
You can divide your evidence file with the command: split -b 4700m ImageName SplitImageName_ That will give you multiple files named SplitImageName_aa, _ab, etc...
Kelly.H.1@...
Sep 4, 2003 9:28 pm
113
Hi All, I am glad to see the old list back and received several messages from Brian in reference to making one list. This seems to be a step in the right...
Hi all, I'm interested in searching for deleted Outlook mail messages. For example, I send a message, then delete the message from the Sent Items folder, and...
I usually do a grep search looking for email addresses in unallocated space, then look at what's there. You can usually find most all you will need that way ...
I am a newbie to GNU/Linux, interested in Information Security, IDS and forensics. I am thinking of doing a project in forensics. One of the options I am...
Hello, I think such a project is a good idea to learn many things about networking and how it works (I'm also interested in such things, but have no so much...
Check out the Honeynet Project. http://project.honeynet.org/ ... -- Dave Dittrich Computing & Communications ...
Dave Dittrich
dittrich@...
Sep 8, 2003 2:14 am
119
I think what he's talking about is more akin to TDR than honeynet.... traffic data retention, something which is a very very hot topic in Europe at the moment ...
... Great idea from a security standpoint. However, Ethereal does this already. It doesn't do it automatically, but with a couple of clicks I can view a whole...
K Murphy
maillist@...
Sep 8, 2003 11:28 am
121
Rich, I should have been clearer. I'm looking for email from email addresses, that we possibly don't know. Temporary Outlook/Express accounts. Has anyone had...
I've found old remnants of Outlook email accounts in registry HKCU/ (and HKLM and HKUsers)Software/Microsoft/protected storage system provider. But this is...
Here's my goal, I take a webpage and create a PDF from it (locking the date/time/address etc. that the page was present). Easy enough, now I want to traverse...
... "Traffic data retention" is nothing more than logging of connection information (what is covered by the Pen/Trap statutes in US law.) That is to say, it...
Dave Dittrich
dittrich@...
Sep 8, 2003 4:52 pm
125
Copy the text below into notepad. Save as Dumpster.reg. Double click the file to run. If Outlook is open when you run the file, close then reopen. The...
Tony, That's what I was saying. Do a GREP search in unallocated space looking for the pattern of an email address xxx@...(or .gov, .org, .edu) should ...
... Yours look good to me, and can be adapted easily. Different level domains won't be hit upon but, yes, your above I will definitely like to use. Thank...
Rich, Thank you for posting that, however, I'm about to display my own ignorance. I'm not used to using grep commands. Would you be kind enough to post the...
I purchased a read only Firefly (basically a write blocking Firewire to ATA adapter), and a Firewire PCI Card (Compusa Model). The card is supported (according...
I have a similar issue with RedHat v9.0. I have two types of firewire cards that are supported. On my initial boot, I go to the command line and type fdisk -l...
http://www.ontrack.co.uk/dataeraser/keyfeatures.asp No idea if it works. Just passing along for reference. They just announced EasyRecovery EmailRepair (cost...
I've found that just rmmod'ing and modprobe the sbp2 module is sufficient to detect a newly attached firewire drive. I've had some bad experiences with the...
... John, On another forum, I came across the following: Apparently setting the following helps: # modprobe sbp2 serialize_io=1 I haven't tried it - nor do I...
To The Collective Group, I have the necessity to preserve and restore two raid servers with 6 drives each. The first is running on a Unix platform and the...
Randall Shane
rshane@...
Sep 11, 2003 2:45 pm
138
1) Image the physical devices constituting the array. (i.e. /dev/hda, /dev/hdb, etc.) 2) Use losetup to associate each image with a loop device. 3) Create a...