farmerdude, Many thanks for that suggestion. I'll happily report back my progress if I get anywhere useful with the investigation. Right now I seem to have a...
Hi all, Based on a talk I gave last year to the Northern Virginia Linux Users' Group, I've been invited to speak on using Linux and open-source tools for ...
Dear Mr.Stevens Thanks for the offer. But for people who are far away in other countries will it be possible for you to share your slides / discussions with...
I'm sure we can do something like that. I expect LinuxWorld would claim a copyright in the compilation of their expo materials, but I should still have the...
Hi Stevens, Can you please forward a copy of your presentation. I live in the UK and canąt get over for linux world. Regards Jim Gordon Computer Forensic...
Dear Stevens, Hope the complete group is very much interested in this, can you please arrange a presentation for those who cannot attend the meeting. Regards, ...
It would be great if the ppl on this group, could also receive the presentation materials :D best regards, Mada R Perdhana karthick <ct_karthick@...>...
To All As a new user of linux and helix i but a windows tools forensic user i would be very much interested in any presenations that give more tools for my...
Hi All I am trying various ways to image a partition and used dcfldd. however when i was imaging my 6gb partition it stopped and said something like the 4096...
maybe you could split the image into some image file.please refer to past posting to know how to split an image. best regards, Mada R Perdhana mike bennett...
Mike; my first guess is that the file system on your destination drive is not capable of files larger than 4GB (ie. FAT32). Change the FS on your destination...
Hi, Mike. You're probably hitting the 4GB limit of the file system you are trying to copy the image onto. You basically have three choices: 1. Split the image...
Mike Or you could use plain old DD dd if=/dev/<source> | split -d -b 640m - image.split. The result from the above command is a series of 640 Mb files, in the...
Greetings, Are you writing to a FAT32 partition by any chance? I had exactly the same error once and it was due to writing to a FAT32 partition with a 4GB file...
DFLabs team planned a webinar for that date at 5:00 PM italian time (GMT +01:00), during which you will attend a fully functional demo of the PTK Beta...
Mr. Fahey, ... I have confirmed that mounting a reiserfa as read-only using Helix will alter the md5 of the evidence. So you, sir, are incorrect. Other basic...
Thank you very much for your kind reply. Then I respectfully request you stop using Helix and continue to purchase the FBCD where I am sure he will happily...
Drew, Based on your reply to Cliff below, are you agreeing that Helix does increment the journal count on the Reiser file system type? If you've already...
I understand it's possible to index the contents of (ascii) files with the cat command. I have never worked with the cat command before. If I want to index the...
Wow. http://www.e-fense.com/helix/index.php On this page you state: "Helix has been modified very carefully to NOT touch the host computer in any way and it is...
... cat is not made for indexing. It just display the content of a file to stdout. You also need 'strings' to extract the strings and something else to index...
Kill the thread. The points have all been made and now its getting nasty. There is rumor Helix is going to cost, is this true? ... -- Ave caesar! Morituri te...
... Actually, I'd like to get an answer from Drew before the thread dies on whether or not Helix increments the journal count on Reiser file systems. If you go...
Mark, I don't think 'cat' would be a good application for indexing. If you're in the Linux environment you might want to look at using 'glimpse' for indexing....
cat does do line numbering? Maybe that's what you mean by indexing man cat: DESCRIPTION Concatenate FILE(s), or standard input, to standard output. -b,...
Mark There is a very good article on using glimpse here: http://www.linuxjournal.com/article/1164 if you fancy giving it a try. Stu ... From: Jeff Bryner...
... "Kill the thread, but let me continue it." (Maybe I'm being petty,) But why has the point gone unnoticed? Best evidence rules being noted - (for those who...
Thanks farmerdude, I have used glimpse and i think it's great. But, I understand you need to have a license for glimpse in order to use it for my work. I...
Having problems with message search?
Fill out this form to ensure your group is one of the first to be migrated to the new message search system.
