Hi All, I appreciate that this may be bread and butter to most on this list, but if you don't know, you don't know :) How do I go about viewing compound file...
... From the snippet you've posted: 1) His dictionary definition of forensics is incorrect / incomplete. 2) His view on the usefulness of digital forensics is...
Yes, several people posted comments on the original web page that it was poorly written. Aside from that, has anybody here encountered these problems? I knew...
This sort of thinking is perpetual in magazines aimed at senior corporate officers. The line about "hobby level" is especially telling. He's just playing to...
Digital Investigation: The International Journal of Digital Forensics & Incident Response. The Journal of Digital Investigation is a widely referenced...
nikkel@...
Jun 5, 2007 1:13 pm
2549
Hi, I am currently working on an image of a 20 Gb /root partition (/dev/sda2). I then used foremost to look for video files of interest and found a number of...
Hi Stu, ... What strings are you looking for? What grep terms? How are you looking for the file? Was the file allocated or unallocated? ... Nothing at all?...
Hi Barry, Thanks for the response. ... I won't expand on what I had done as you were correct in that the file name is arbitrary and therefore I was effectively...
Stu, grep, strings, xxd etc. are only going to show you ASCII representations of a binary file (the MPEG). I'm not sure what exactly your search strings were, ...
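The point Barry makes above is that a carved file's name is arbitrary, so the only reliable way to find where a foremost hit lives in the image is to search for its bytes rather than a string. The script below is an added example, not code posted to the list: it hex-dumps the image with od (xxd -p would do the same) and searches that text for a byte pattern, discarding hits that fall on a half-byte boundary, then ties a foremost output file back to an image offset by searching for its first bytes. The function names (find_sig, find_carved, carve, make_sample) are this example's own, and the sample image is constructed for the test, not real evidence.

```shell
#!/bin/sh
# Content search over a raw image (added example, not the thread's code).
# Portable od/tr/awk only; on GNU systems the one-liner
#   grep -obUaP '\x00\x00\x01\xba' image.dd
# prints the same byte offsets.

# pad N -> N bytes of 'x' filler (used to build the sample image)
pad() { printf "%${1}s" '' | tr ' ' 'x'; }

# find_sig IMAGE HEX -> decimal byte offset of every match, one per line
find_sig() {
    pat=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    od -An -v -tx1 "$1" | tr -d ' \n' | awk -v pat="$pat" '
        {
            s = $0; base = 0
            while ((i = index(s, pat)) > 0) {
                abs = base + i - 1          # 0-based index into the hex text
                # two hex digits per byte: only even positions are byte-aligned,
                # an odd hit straddles two bytes and is a false positive
                if (abs % 2 == 0) print abs / 2
                s = substr(s, i + 1); base += i
            }
        }'
}

# find_carved IMAGE CARVEDFILE [NBYTES] -> offsets in IMAGE where the first
# NBYTES (default 16) of a foremost output file occur
find_carved() {
    n=${3:-16}
    pat=$(dd if="$2" bs=1 count="$n" 2>/dev/null | od -An -v -tx1 | tr -d ' \n')
    find_sig "$1" "$pat"
}

# carve IMAGE OFFSET LENGTH -> those bytes on stdout (bs=1 is slow but
# portable; GNU dd can use iflag=skip_bytes with a larger bs)
carve() {
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null
}

# make_sample OUT -> constructed 8 KiB "image": filler, an MPEG program stream
# pack header (00 00 01 BA) at 4096, a decoy at 5120 whose hex contains the
# pack header only at a half-byte offset, an MPEG sequence header
# (00 00 01 B3) at 6144 and an MP4 ftyp box at 7168
make_sample() {
    {
        pad 4096
        printf '\000\000\001\272'; pad 1020
        printf '\000\000\000\033\240'; pad 1019
        printf '\000\000\001\263'; pad 1020
        printf '\000\000\000\040ftypisom'; pad 1012
    } > "$1"
}

# usage: sh carve.sh image.dd 000001ba
if [ $# -ge 2 ]; then
    find_sig "$1" "$2"
fi
```

On a 20 GB image the awk pass holds the whole hex text in memory, so run it over chunks of the image (dd with skip/count) and add the chunk's base to the reported offsets; the GNU grep form above streams and has no such limit.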
Stu, Sorry I'm a bit late to the party (I sent my first response before I saw this one). With your below commentary you've answered some of the questions I had...
Have you looked for obvious clues like the .bash_history file or other shell history files? Or, if you have a specific alternate location that you suspect,...
Michael Snyder
msnyder@...
Jul 12, 2007 9:52 pm
2558
Please excuse my complete ignorance. I am doing research for my boss on this issue and am essentially the middle man here. Where will he find the .bash and...
... He might be better off with a different middle-man then, since this is pretty basic shell stuff. As far as your original question, there will be no...
... ever! No, but sometimes you can see it in the logs... also in /swap sometimes if you're lucky. As for when, usually that gets lost fairly quickly. Richard...
Looking at the log files you might be able to determine there was a USB device inserted, or that an 'sd' device was mounted. Realistically, if you're asking...
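The two suggestions in this thread, shell history and the system log, can be checked mechanically. The script below is an added example and not something posted to the list: it pulls USB attach, sd disk attach, partition scan and filesystem mount lines out of a syslog-format file, and lists history lines that moved data to or from a mount. The log and history lines are constructed for the test in the layout a 2.6-era Linux kernel used for a USB mass-storage stick; real kernels and distributions word these differently, so the patterns are a starting point to extend from a known-good log, and the function names are this example's own.

```shell
#!/bin/sh
# Removable-media traces in syslog and shell history (added example).

# usb_events LOGFILE -> "timestamp  host  kind: message" per matching line
usb_events() {
    awk '
        {
            # syslog layout: "Mon DD HH:MM:SS host source: message"
            ts = $1 " " $2 " " $3; host = $4
            msg = ""; sep = ""
            for (i = 6; i <= NF; i++) { msg = msg sep $i; sep = " " }
        }
        /usb [0-9.-]+: new .*USB device/          { print ts "  " host "  usb-attach: " msg; next }
        /\[sd[a-z]\] Attached SCSI removable disk/ { print ts "  " host "  sd-attach: " msg; next }
        / sd[a-z]: sd[a-z][0-9]/                   { print ts "  " host "  partitions: " msg; next }
        / FS on sd[a-z][0-9]*[,:]/                 { print ts "  " host "  mount: " msg }
    ' "$1"
}

# history_mounts HISTFILE -> numbered history lines that mounted a device or
# copied data (bash_history has no timestamps unless HISTTIMEFORMAT was set)
history_mounts() {
    grep -n -E '^(sudo +)?(mount|umount|cp|mv|rsync|scp|tar|dd) ' "$1"
}

# sample_log -> constructed lines, not from any real system
sample_log() {
    cat <<'EOF'
Jul 11 22:13:58 box kernel: ACPI: Power Button (FF) [PWRF]
Jul 11 22:14:02 box kernel: usb 1-1: new high speed USB device using ehci_hcd and address 3
Jul 11 22:14:02 box kernel: scsi 2:0:0:0: Direct-Access     Kingston DataTraveler 2.0 PMAP PQ: 0 ANSI: 0 CCS
Jul 11 22:14:03 box kernel: sd 2:0:0:0: [sdb] 7831552 512-byte hardware sectors (4010 MB)
Jul 11 22:14:03 box kernel: sdb: sdb1
Jul 11 22:14:03 box kernel: sd 2:0:0:0: [sdb] Attached SCSI removable disk
Jul 11 22:15:10 box kernel: EXT3 FS on sdb1, internal journal
Jul 11 22:40:41 box sshd[2231]: Accepted password for root from 10.0.0.7 port 51022 ssh2
EOF
}

# sample_history -> constructed .bash_history contents
sample_history() {
    cat <<'EOF'
ls -la /root
mount /dev/sdb1 /mnt/usb
cp -a /root/videos /mnt/usb/
umount /mnt/usb
EOF
}

# usage: sh usb_trace.sh /var/log/messages [/root/.bash_history]
if [ $# -ge 1 ]; then usb_events "$1"; fi
if [ $# -ge 2 ]; then history_mounts "$2"; fi
```

The kernel lines give you the time the device appeared and which sd node it got; the history only tells you what was typed, in order, which is why the two are read together.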
All, I've been given a tape that I know nothing about (Tape Drive, logical format, etc). What tool(s) would you recommend for tape drive recovery and analysis?...
... I think I'd pop the tape in the drive, and use dd to create a disk image of the tape. Let's face it, reading from tapes is slow and annoying. :) Then,...
... tar would be more traditional for grabbing info from tape, but not sure where you stand forensically in terms of having a hash of the media afterwards. A...
Hi James, Since I've never on tapes and DD, I can't say for sure what you get, but you can MD5 the individual files that you take off the tape with tar. -Enda....
... Enda, I've had difficulty getting Irix to read a DDS tape created under Linux with tar. And, that's just getting different versions of tar to read one...
Just wanted to add two quick points to this very worthwhile discussion: 1. _Please_ be sure the write-protect tab is in the "locked" position before you put...
While we're in the mode of quick points, and to further add an exclamation point to Stevens' comment that "tape sucks", there is a distinct possibility that a...
Steve Fowler
sfowler@...
Jul 18, 2007 8:40 pm
2570
That crossed my mind, too, Steve. dd is great for imaging disks, but I think you could be stymied asking it to "image" a tape, for just the reason you...
... I put multiple images on tapes for backups all the time, i.e.
tar cjvf - somedir | dd of=/dev/nrmt0 bs=100k
tar cjvf - someotherdir | dd of=/dev/nrmt0...
Thanks for pointing out my error, Brendan -- mental rust accumulation is hard for me to avoid when it comes to tapes! The error was using "EOF" when the...
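Pulling the tape thread together (dd rather than tar to keep the media untouched, the write-protect tab, the blocksize worry, filemarks between the multiple images Brendan describes, and hashing what comes off), the script below is an added example rather than anything posted to the list. It assumes the Linux st(4) read semantics: a read that hits a filemark returns 0 bytes and leaves the tape positioned after it, so the next read returns the next file, and two zero-byte reads in a row mean the end of recorded data. The device is opened once and that descriptor is shared by every dd run, so position is kept between files; on a real drive still use the no-rewind node (/dev/nst0 or /dev/nrmt0), rewind with mt first and check that mt status shows WR_PROT before reading. The function names are this example's own, and the test feeds a regular file in place of a tape.

```shell
#!/bin/sh
# Imaging every file on a tape with dd (added example, not the list's code).
# Before running against a drive:  mt -f /dev/nst0 rewind; mt -f /dev/nst0 status

# hash_file FILE -> hex digest (sha256sum, else md5sum, else POSIX cksum)
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1" | cut -d' ' -f1
    elif command -v md5sum >/dev/null 2>&1; then md5sum "$1" | cut -d' ' -f1
    else cksum "$1" | cut -d' ' -f1
    fi
}

# image_tape DEVICE OUTDIR -> OUTDIR/file000.img, file001.img, ... and
# OUTDIR/hashes.txt; prints the number of tape files imaged
image_tape() {
    dev=$1; out=$2
    mkdir -p "$out"
    : > "$out/hashes.txt"
    n=0; empty=0
    exec 3< "$dev"                      # one open, shared by every dd below
    while [ "$empty" -lt 2 ]; do
        img=$(printf '%s/file%03d.img' "$out" "$n")
        # bs must be at least the tape block size (and a multiple of it in
        # fixed-block mode); 1 MiB covers anything a DDS or DLT drive writes
        dd of="$img" bs=1048576 <&3 2>/dev/null
        if [ -s "$img" ]; then
            empty=0
            printf '%s  %s\n' "$(hash_file "$img")" "$img" >> "$out/hashes.txt"
            n=$((n + 1))
        else
            rm -f "$img"                # zero bytes: filemark, or end of data
            empty=$((empty + 1))
        fi
    done
    exec 3<&-
    echo "$n"
}

# usage: sh tape_image.sh /dev/nst0 /cases/tape1
if [ $# -ge 2 ]; then
    image_tape "$1" "$2"
fi
```

Each imageNNN.img is one tape file exactly as written, so a tar-on-tape backup like Brendan's lists with tar tjvf file000.img afterwards without the tape being touched again, and hashes.txt is the record of what was acquired. A drive in variable-block mode that returns a short read or an error at the first dd means the block size is larger than bs; raise bs rather than lowering it.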