Jesse Kornblum Interviewed on CyberSpeak Podcast On the December 31, 2005 episode of CyberSpeak, Jesse Kornblum was interviewed about his work with open source...
Hi Bret ! that is absolutely great and thanks for that! ... From: "Bret Padres" <sleeplessinlinthicum@...> To: <linux_forensics@yahoogroups.com> Sent:...
ahmed
ahmed@...
Jan 2, 2006 12:00 pm
1888
I was wondering if anyone knows of an open source program that can read and process Outlook 2003 PST files. The libpst project ...
Which open source program is best for reading unallocated space on an NTFS partition? This is a curious situation. All of the interesting data was on a...
Ronald L. Chichester
ron@...
Jan 5, 2006 2:57 pm
1890
Sleuthkit (& Autopsy): http://www.sleuthkit.org/sleuthkit/ Open Source and works on NTFS... ... __________________________________________ Yahoo! DSL –...
... Ron, You have a number of options available; The Linux NTFSPROGS package can assist you as you scan for files. Additionally, scrounge-ntfs may also assist...
Good afternoon, I would like to pose a question to you in the hopes of getting some insight into this issue: In the process of experimenting, I wrote a couple...
UPDATE: I just noticed that the place at which DCFLDD freezes up and where hexdump of the CD itself (i.e. not of the image, but the CD) is the blocksize (2048)...
That is correct. And thanks again for your help! One thing that confuses me still, though, is why I'm getting all of those I/O errors when trying to obtain an...
Hi Nico, You should use the block size for optical media though, 2048. I'm not up to date with dcfldd but some imaging tools don't handle multisession discs...
Hi All
I have been doing some testing with dcfldd and have had some success imaging and then mounting floppy discs and cd's. So I decided to try a small...
hiya Stu. I'll be short since I'm doing this from my cell phone. Unless it's a typo, a look at your mount command shows that you are trying to mount the...
... /dev/hdb /mnt/analysis Two problems here. First, as Barry Grundy already mentioned, you are trying to mount the whole drive instead of a partition. Second,...
Barry/Nick
Thanks guys, you're absolutely right of course, I just couldn't see the wood for the tree's I think.
Everything is working as it should now.
Stu...
In this Cyberspeak epsiode, http://cyberspeak.libsyn.com/index.php?post_id=46167 they interviewed the creator of Helix, Drew Fahey. In that talk, there was...
Related question, Any opinions on Helix's "Adepto", its predecssor "Grab", and AIR ("AIR - Automated Image & Restore)? Any other imaging GUI front-ends, or...
... As it turns out, someone on this list (me) is an intellectual property attorney. If you have something specific that you want to ask, please forward it to...
Ronald L. Chichester
ron@...
Jan 18, 2006 10:53 pm
1908
Ron, thanks for your comments regarding copyrights and other aspects of intellectual property. This forum is probably not the best place to hash out the ...
I've used Grab on a couple of acquistions. I was ok. The gui had some bugs in it (alleged fixed in Adepto), but I tried Adepto in the lab once and couldn't...
... I had the same issues, using many different distro CD's until I started using the farmer boot CD. You can get this here: www.crazytrain.com It's packed,...
Mark Loveless (aka Simple Nomad) interviewed on special episode of CyberSpeak podcast. Nomad presented a Windows Wi-Fi `vulnerability' during a recent...
hi everybody, I need to dump a tape (created by ufsdump) using dd in to a temporary filesystem (a single file). The platform is SunOS5.9. The command I...
... Alfredo, That error may have something to do with the block size. Try specifying a block size like 64k or 128k: # dd if=/dev/rmt/0 of=/home/export/temp.dd...
nikkel@...
Feb 9, 2006 2:34 pm
1917
Hi All
Bit of a vague question I know but I was wondering if there was an accepted minimum "dcfldd" command that people use when imaging hard discs.
I was...
For dealing with bad sectors and errors, use "conv=sync,noerror" always. That is the only switch that I would say HAS to be in every dd command that is used...
You might also have to play with the block size setting on the tape drive itself if it isn't set to 0 (auto). You can find out what the hardware block size is...
Stuart, I would agree with Nick (as most would, he being the author and all). A good base dcfldd command would be: dcfldd conv=sync,noerror if=/dev/hda...
Having problems with message search?
Fill out this form to ensure your group is one of the first to be migrated to the new message search system.
