Is anyone on the list able to recommend an attorney in or near NJ who A: is knowledgeable about remote control of individual computers via Trojans, B: is...
Mileage may vary, based upon the exact syntax of your input file, whether you're looking for exactly John Doe in your example below, or whether you want ...
[The input file was not shown accurately. Corrected example follows.] Mileage may vary, based upon the exact syntax of your input file, whether you're looking...
I'm creating a list of clued and/or interested LEO's, who would like to be part of CLOSED/VETTED/PRIVATE online communities such as anti-botnets, anti-phishing...
Sounds like a delicate situation. You can try this site. http://www.findlaw.com/01topics/10cyberspace/index.html They have listings of cybercrime attorney's...
I've released a beta version of md5deep 1.6. This release adds whirlpooldeep to compute Whirlpool hashes and fixes a nasty bug affecting Windows systems...
Hello All, I have been tasked with researching and purchasing a duplication device for my group. I also plan to purchase one for myself as well. The two...
Question for the group. I just got an image from a 40Gb hard drive using Linux dd command. This took over 8 hours to run and I haven't even tried to restore...
... That's definitely a problem. USB 1.1 is hideously slow. I think it is rated at around 12Mb/sec. Real-world speeds are generally much slower than the...
... You can often get a speedup, and get around the errors-lose-too-much problem, by double-buffering. The first dd uses the drives native block size (so one...
... Nice idea. I actually wrote the AIR front-end that the helix drive capturing tool is based on. I must admit, though, the double-buffering that you speak...
... Something along the lines of: # dd if=/dev/sda conv=noerror,sync | dd of=/usr/local/forensic/sda.img bs=32k Play around with variations to see what works...
Have you tried the electronic frontier foundation? If they know anything, it's how to find a good lawyer. www.eff.org ... From: Steve Burgess...
Andrew Perez
sac78439@...
Apr 20, 2005 10:30 pm
1427
On 4/21/05 4:31 AM, "linux_forensics@yahoogroups.com" ... said "image" on the partition. Yes, the partition is what I was after in that case. Thanks for the...
... This might be a good way to keep from losing too much data on error, but I'd be surprised if it speeds things up much, because of the intermediate copy to...
This is not strictly a Linux question... A fellow (let's call him Ed) uses Outlook 2002 and stores his data locally (on his own computer) in California. The...
... We have an Image Masster Solo 2 -- is there a Solo 4? Don't know about the Logic-Cube MD5, but would like to hear people's experiences with the device. ...
I'm trying out Penguin Sleuth Kit, which I downloaded from here, http://luge.cc.emory.edu/forensics/penguinsleuth-07-05-2003.iso Judging by the filename, this...
When a FAT32 volume is mounted by Windows is any control information written to the drive that would indicate that the volume had been mounted? If this ...
It is the latest version. It still works very well. I am in the process of updating it. If you go to www.linux-forensics.com you will find several links to...
... Hard to recommend something that I havent tried out until next Thursday, but from what I've heard so far, the Farmer CD is the way you'll want to go: ...
Correct me if I'm wrong here,, but the Outlook PST file will retain all deleted emails even if they are deleted out of the deleted folder/box. When an archive...
Definitely not a Linux tool...but when there is a need, I believe in digging into the toolbox. Paraben's E-Mail Examiner is supposed to be one of the best for ...
Indeed, E-Mail Examiner has its uses. I've a licensed copy & I break it out from time to time, but I don't remember it telling me when an email has been...
Interesting idea - and one I hadn't thought about. I've never looked at the dates & times in the deleted mailbox to see if they gain a new date & time when...
Outlook emails will have a unique GUID. I've *heard* but never tested/confirmed that this GUID is partly made up of a time/date stamp. Could be rubbish, could...
Having problems with message search?
Fill out this form to ensure your group is one of the first to be migrated to the new message search system.
