Hi All, I know that I seem to have dropped off the face of the earth. I have been going through some personal as well as work transitions. I am glad to...
Also, you must be willing to keep the project confidential, even the concept. I will probably be preparing an NDA for those participating in the project. The...
(courtesy of http://digg.com) http://linuxhelp.blogspot.com/2006/04/linux-distributions-birds-eye-view.html There are umpteen GNU/Linux distributions and then...
Hey, Anyone know of a way to mount SCO filesystems in linux? Typically a disk in a SCO system has a single partition which is broken into divisions much the...
Harry Duncan
usr.src.linux@...
Apr 15, 2006 10:15 pm
2066
I just want to thank you for the response for my need for help with the New and Improved Penguin Sleuth Kit project. I have selected my testers and I should...
Hi, Vinetto is a small forensics tool to examine Thumbs.db files. It is a command line python script that works on Linux, Mac OS X and Cygwin(win32). Last...
I just installed and used the html option on gentoo. Works great and the html output is excellent. Art Montes ...
Background: FTimes is a system baselining and evidence collection tool. The primary purpose of FTimes is to gather and/or develop information about specified...
I've been made aware of a useful tool that our 'Windoze' brethren use, called PEID. A quote from their page http://peid.tk/ : "PEiD detects most common...
Maybe chkrootkit will be helpful to me in the big picture! What I am really looking for at this time, and correct me if I'm wrong about chkrootkit not doing...
You can use the various packers themselves on linux to determine if a file is packed. eg: #here's some non packed files: $ ls printhi.py printhi.pyc #upx...
... For me, the best PE reader for linux is : http://sourceforge.net/projects/perdr/ But it may need a little change in the source to compile with gcc4. Just...
Thanks Christophe. I will give that a look. I can't tell from the quick look yet if it's something that I could drive with a script and/or another program. I...
Hi I'd like to ask what pointer do you know to identify when a Win9x/ME installation took place. I'm looking at the moment at Win95 installation and I identify...
Thank you, this is interesting. Unfortunately what I did calculate did not fit the rest. But some google hits showed the same scheme as described in this...
Okay I figured it out and it works. I also started writing a small java application which does this task, it's unfinished yet but already can calculate the...
I'll keep that in mind if you run Windows some day... thank you. Okay, I wrote it now: WinOra - to translate Win9x and WinNT InstallDate registry keys to human...
Has anyone tried the dmraid package (either in a forensics, or in a user/admin setting)? It is a relatively recent addition to Linux, with the best level...
A colleague of mine has been tasked with extracting the unused filesystem space from within a Novell Filesystem. Does anyone know how to do this or which tools...
... Check out http://www.runtime.org/captain.htm. I saw in another Linux forum as a suggested tool. It has a data recovery feature that may provide some...
Well, many of you will notice that Linux-Forensics.com and Putercops.org are now one and the same. I have decided to centralize all my efforts to one site. I...
As this group is a good example of practicing forensics, I'm wondering if any of you have a preference for imaging devices. I've found that imaging a drive...
Ronald L. Chichester
ron@...
Jun 6, 2006 7:32 pm
2097
... Well, at my current job, the Standard Operating Procedure is to: 1. extract the source drive 2. put it in a drive carrier (Like an IDE "cold swap" tray) 3....
I missed this earlier, but in re-reading some of the list messages I noticed it and couldn't resist responding. Your assumption that there is "essentially no...
... Sorry to be unclear. My "appliance" was just a PC with Linux and a custom script. :) It worked great! ... Good point. I've got a Canon 20D which has a...