Would using a bootloader other than GRUB help with the error problem? On 3/12/08, Alfred Tims <timsal-1@...<timsal-1%40linuxmail.org>> wrote: Hi, Try doing a...
What did you use to burn the CD? Depending on what program you use the ISO can get a little mangled, and provide you with the generic disc read error you're...
... Using a tool to do something beyond what the original author anticipated does not make it automatically null and void. If you do proper testing using...
... Mr Rogers also said in that same song the qualified examiner must know when to walk away and know when to run. I'd suggest "run" for this case. The...
... I have to disagree. If your agency has a validation unit, then they would take care of validating a live distro that they would create. If not, the person...
I just gave it a test (wine-0.9.46 on FC6 so not latest and greatest version of Wine or Fedora) and it failed. I could fire it up and view a folder. However...
Hi, Jacques, Yes, you are correct. I made things sound worse than they are. It is possible that you could spend the time with the court and the other side's...
... Disclaimer: I'm new to the list/group, don't do forensics, and have not tested exactly what you're wanting to do [1]. However, I have done something...
I am looking for help building Pasco, the index.dat parser by Foundstone. I am having trouble building under FC8 with the following make errors: gcc -o pasco...
... Thanks for the links. I was aware of Barry Grundy's linuxleo.com (Barry is a member of this list). An excellent tool to learn Linux forensics. I've used...
... Dear court, I'm an expert witness, except my expertise doesn't extend beyond FTK imager.... as I said, know when to walk away, and know when to run ;-) ...
John, Here's how I fixed it: Add the following #include along with the others #include <string.h> (gets rid of the implicit declaration for strcpy warning) ...
... Well, I'm not anywhere close to a C guru (just started learning it, in fact), but a bit of poking around shows that there were a couple ... +++ pasco.c...
... No, Dear court, I am an experienced forensic examiner. I have used various imaging tools over the years including FTK Imager. In this instance I used FTK...
... Hi Jacques, No, unfortunately time just does not allow for that sort of evaluation testing. I'm too busy trying to keep up with testing versions of stuff ...
... Which directly contradicts your purpose of the exercise which you stated was to give people who were only familiar with FTK imager a linux based tool to ...
Hi all, I got the HDD of a server on which we have a real doubt on its compromise. The system was a SUSE Linux Enterprise. For my investigation, I would...
... Again... no. In a posting yesterday replying to you I clearly stated that had it worked, I could have created a tested/validated Linux boot CD with FTK...
On Wed, Apr 2, 2008 at 8:43 AM, Grundy, Barry J. (HQ-WIM51) ... Didn't realize you were there. I was there as well both as an attendee and as a presenter. I...
Steve, thank you for your help with the coding. I have built pasco without errors making the modifications you provided. I'll seek out an index.dat and parse...
... No, I am. The exercise just appears to me to be the most pointless waste of time I've witnessed in 2008, and your motives and explanations appear ...
... Some laptops are very difficult if not near impossible to take apart to get to the drive. Some will not image properly unless in the native machine. Or...
... If they were only familiar / competent with FTK imager in the first place, then they lacked the competency to take a forensic image, esp given the closed...
Harry Duncan
usr.src.linux@...
Apr 2, 2008 7:31 pm
2762
The new PTK in alpha version has been released. PTK is the new alternative interface for Sleuth Kit. Among the features implemented in this version we...
... You can have a qualified forensic examiner who is proficient in a single analysis tool. That fact does not invalidate their knowledge/expertise. It...
... Could we kill this thread? I think Enda was saying the same thing: if you can validate the mechanism as you said above, then why not just do it? Or, if...
... [...] ... No idea. However, the way that I've done this is to use chroot and to point to the root of the target system. chroot /mnt/target rpm -qa --last ...
Rather than quote parts of the interesting (and very long) thread that resulted from Jacques B.'s original query, I'll offer a few observations/opinions: - I...
... It's actually a step backwards, state of the art is using a windows tool on a fully developed and tested windows platform, using a windows tool on a beta...