The Digital Forensic Research Workshop 2004 Final Report is now available at www.dfrws.org, and the DFRWS 2005 is scheduled for August 17 to 19, 2005. The 2005...
1670
Gary Funck
garyfunck
Aug 4, 2005 6:05 pm
I posted this query on the "other" Linux Forensics group, and ... I'm starting to see R-studio be mentioned more and more as file recovery software, and am...
1671
IanC
devorg
Aug 4, 2005 8:20 pm
... I've used many,, many,, and frequently test new versions and the R-Studio does come out tops most every time for data recovery including raid arrays. ... ...
1672
Melissa Royer
defender03102
Aug 4, 2005 8:26 pm
Another great one Restorer 2000 dirt cheap does a great job. ... From: "IanC" <saladin@...> To: <linux_forensics@yahoogroups.com> Sent: Thursday, August...
1673
Luis Gómez Miralles
lgomez@...
Aug 8, 2005 9:46 am
How about Ontrack Easy Recovery Pro? I have to admit that I've never played with R-Studio so I cannot compare, but EasyRecovery has always been fine for me....
1674
Atila Romero
atilaromero
Aug 8, 2005 11:08 am
I use R-Studio most times, but I would like to use a linux tool. The problem is that I am not aware of any linux tool to recover all deleted files at once. As...
1675
Jeff Bryner
jbryner1
Aug 8, 2005 4:31 pm
... files > one by one, not all at once (the same for autopsy). You can use a simple script to undelete all the files at once using sleuthkit. All on one line...
1676
Dave Dittrich
dadittrich
Aug 8, 2005 5:08 pm
... Get used to that. ;) The Unix philosophy is "do something simple, and do it well" and to use pipelining (as demonstrated in the last message) to do more ...
1677
Atila Romero
atilaromero
Aug 8, 2005 7:03 pm
Its far more simple than I thought! I have been using Windows for a while in my exams and now I am moving to Linux. Like you and Dave Dittrich suggested, I...
1678
fall_like_rock
Aug 8, 2005 9:38 pm
Does anyone have any experience with recovering data from tape? In specific, I am trying to recover a corrupt Arcserve session. Here's what I know: I am able...
1679
Gary Funck
garyfunck
Aug 8, 2005 10:40 pm
... In what way is the tape corrupted? Is the table of contents corrupted, a block in the middle of the tape? What sort of tape media is it (DAT, DLT)? Have...
1680
Gary Funck
garyfunck
Aug 8, 2005 10:55 pm
... I see that attachments aren't accepted on this list. Try this link: http://www.intrepid.com/~gary/src/copy_tape.c...
1681
Todd Colvin
datagrab
Aug 9, 2005 11:25 pm
It's old but it still has some good features. A more popular one right now is Helix available at http://www.e-fense.com/helix/. It has its own dd GUI interface...
1682
Brian Carrier
bdcarrier
Aug 10, 2005 4:39 am
... Actually, you can now skip the '-f ntfs' and you should now use 'icat -r'. For NTFS, the '-r' doesn't matter, but it is needed for TSK to start guessing...
1683
Jeff Bryner
jbryner1
Aug 10, 2005 3:49 pm
I'm on sleuthkit version 1.73, it hasn't been updated in the gentoo portage tree for some reason. I see the latest is 2.02, I'll have to update. But if I get...
1684
Brian Carrier
bdcarrier
Aug 10, 2005 4:16 pm
... If you are using 2.00+ with the autodetect feature, it could be: ils imagefile.dd | awk -F '|' '($2=="f") {print $1}' | while read i; do icat -r...
1685
C Marko
gonzarthegreat
Aug 12, 2005 5:18 pm
BackupExec will also read ArcServe formatted tapes, though I would imagine ArcServe itself would handle any error recovery when reading the contents much more ...
1686
Stevens R. Miller
bobhey2000
Aug 12, 2005 6:43 pm
Just FYI: If you use ArcServe, be sure to use the latest version you can get. Older versions of ArcServe will sometimes purport to restore a tape made by a...
1687
Dennis Borkhus-Veto
dbveto
Aug 15, 2005 8:13 pm
I would like to know what methods people are using to basline-verify computer systems. I want to put together a procedure that when a workstation or server are...
1688
Jeff Bryner
jbryner1
Aug 15, 2005 8:45 pm
... I just implemented a similar program. For each new server we: 1) md5sum all files 2) nmap scan for open ports 3) nessus scan for vulnerabilities 4) If...
1689
Dave Dittrich
dadittrich
Aug 15, 2005 8:48 pm
... Dennis, I don't mean to discourage you, but its going to be a little more complicated than that. You have to deal with several cases: Files that change...
1690
wrightstephenjohn
wrightstephe...
Aug 15, 2005 9:32 pm
I hope the following does not violate "too severely" the posting criteria for the board. I would just like to introduce myself and let "natural networking"...
1691
forensic28sa
Aug 18, 2005 5:53 pm
I am look to this list for experiences with the Services, software, or the partnership program of the Vogon International company. I hope to learn more about...
1692
Luis Salazar
Luis.Salazar@...
Aug 18, 2005 7:53 pm
Do you have any in San Diego, CA? ... I hope the following does not violate "too severely" the posting criteria for the board. I would just like to introduce...
1693
Luis Salazar
Luis.Salazar@...
Aug 18, 2005 7:56 pm
To the listserv. my bad. Please Disregard. ... Do you have any in San Diego, CA? ... I hope the following does not violate "too severely" the posting ...
1694
Gary Funck
garyfunck
Aug 19, 2005 8:24 pm
Not really forensic-related, but it does involve Linux. <g> I'm trying to revive a circa 2001 system which has a 1.3Ghz T-bird running at 266 Mhz FSB. PC 2100...
1695
Stevens R. Miller
bobhey2000
Aug 19, 2005 9:09 pm
Gary, why put so much energy into an old system? Is there something special about it?...
1696
Gary Funck
garyfunck
Aug 19, 2005 9:27 pm
... That's a good question. I guess part of the answer is that I didn't _think_ I'd have to put any effort into it at all (ie, it would work as is), and when...
1697
IanC
devorg
Aug 20, 2005 4:34 pm
... Could it be a cooling fan at fault? CPU's are funny things when overheating. (ie: if it works for even a little time then fails it's likely to be ...
1698
Gary Funck
garyfunck
Aug 20, 2005 7:38 pm
... Ian, thanks. Definitely something worth checking out. In the meantime, I've plugged in another motherboard and cpu that were sitting on the shelf, and...
