There are many tools for recovering data from damaged CDs with Windows, but I don't know of any that can return the raw data (even in the case of ECC failure)...
The Atlanta Chapter of the High Technology Crime Investigation Association (HTCIA), in partnership with the CyberCrime Institute (CCI) at Kennesaw State...
I have moved recently from an area that was using some of the "standard" tool sets, FTK, EnCase etc. Now I'm in an environment that requires the use of open...
... Just out of sheer curiosity, what is it about your new environment that requires you to use open source tools? Don't get me wrong, I'm an advocate of open...
ron@...
Feb 27, 2007 2:49 pm
2433
For browser cache you can use Mandiant's tool: WebHistorian. It's free at this time and does a decent job. It's not the most straight forward but as long as...
I'll give it a go, thanks. ... ____________________________________________________________________________________ The fish are biting. Get more visitors on...
Extract does a good job with ms metadata. If you are using debian it is apt-getable. ... -- There is no reason for any individual to have a computer in his...
... bash scripting is handy. I use this onliner format all the time: file * | grep -i jpeg | cut -f 1 -d ':' | while read i; do mv "$i" jpegs; done i.e. type...
... Scott, Current version of THE FARMER'S BOOT CD has a simple GUI for pulling browser cache info from Opera, Firefox, and IE. Web page has screen shots and...
Dear All, My sincere apologies if this is not a relevant posting in this mailing list. http://f0rensics.blogspot. com is a blog that gives questions like bits...
Hi I am some what new to bash scripting so please forgive me if this is a bit basic for this list! Anyway, I have an enormous pile of "zip" discs to image so...
That didn't quite come out like I wanted (of= twice, and forgot to incorporate your unmount) Try this: #!/bin/bash declare -i zipdisknum=1 anotherzip="" until...
From a logic perspective, it's worth nothing that there is no reason to mount these drives whilst imaging them. Also if it were me, I'd hash them before the...
... Will this do what you want? #!/bin/bash declare -i zipdisknum=1 anotherzip="" until [ "$anotherzip" = "Exit" ] do mount -o ro,noexec /dev/sda /mnt/zip #//...
Jacques/Jeff
> Although I don't mount when I image
> I don't either for hard drives, not sure why I thought I should for
these - very good point - duly...
... I did some trouble shooting and testing (and added some functionality). Here is the finished script. It works on my system as expected. I simulated some...
... Here is an improved version (so I enjoy scripting, is that a crime?). I had never used getopts to allow options to be passed to a script. I tried it out...
Just a quick note on the dcfldd options. I'd strongly recommend using conv=sync,noerror instead of notrunc,noerror. Secondly, unless you feel passionately...
Recently worked a data recovery case involving a raid0 array gone south. The disk was setup as a windows dynamic disk with an NTFS partition. When examining it...
There is starting to be way too much spam on this group. Unfortunately, what I used to enjoy reading has become a pain now. If the moderators/group owners...
... How much are you seeing? I do see one or two per month on average from this list but that seems to be about it. I don't know if gmail is filtering the...
... Hash: SHA1 Wow. My e-mails filtering seems to be working better than that. I only saw spam here twice this year. ... - -- Rodrigo Barbosa "Quid quid Latine...
I don't get too much from this group at all. I just recently resigned from the computerinvestigators group for too much spam but have not really had a problem...
I have only had two (2) recent issues pop-up which I brought to the attention of the moderator. Prior to these two issues, I have not seen to many spams or...
Hello, Thanks for your help in advance. I am trying to use foremost extract *exe, DLL's and zip files from ethreal logs and I am having issues. First of all,...
Having problems with message search?
Fill out this form to ensure your group is one of the first to be migrated to the new message search system.
