I'm looking for a good tool to hash a complete disk (md5). I need to check and report the integrity of a disk before I make a forensic image of it. Of course,...
Hi Mark, SMART by ASR Data has an excellent authentication engine. It's quite robust and is available in a clean, easy-to-navigate graphical user interface. ...
... We wrap the imaging and md5-ing all into a single dcfldd command: dcfldd if=$source_drive of=$image_file bs=256b hash=md5 \ hashlog=$md5_file sizeprobe=if...
I'm biased, but md5deep (http://md5deep.sf.net/) has a nice progress indicator: $ md5deep -e /dev/sdc Lots of other bells and whistles too! cheers, ... -- ...
Hi All,
(Just posted this to Forensic Focus this morning)
Has anyone done any work on UTF-8 encoded data using TSK or on Linux in
general?
The file system...
Daniel, Adam (AU - Sy...
addaniel@...
Jul 9, 2008 8:55 am
2904
Are you looking for all UTF-8 strings or just English UTF-8 strings? An overall problem of doing strings extraction for all of Unicode is that most byte...
Hi Jesse, I have been using md5deep for a while and I really like this tool. I now realize I can also use it to hash complete drives. Thanks, Mark ... like to ...
When I boot with Helix and I connect a (USB) disk, I see this message in the console: ... sda: Write protect is off ... which is a little confusing for me, as...
Mark, The "write protect is off" message you are getting does not refer to the mount options for any filesystem on sda. Check with the "mount" command by...
... But with Helix, can you really trust this? Given the author's indignation and disdain for constructive criticism on a blatant flaw with the product, I'd...
This thread reminded me of something that I was going to ask about that relates to the previous thread regarding unintentional writes to a reiserfs partition...
Thanks for your mail ... I think this can easily be verified now: boot with Helix CD connect a disk to an open USB port use md5deep to hash the contents of the...
I recently had a few issues with Helix when I was trying to acquire an IDE disk attached by a Magic Bridge USB/IDE connector. Never really got to the bottom of...
... I can. Yes. We trust what we test. Is there anything you trust that you haven't tested? On the flip side, is there anything you've tested (and passed)...
... Actually, the definition of trusting something is putting the thing in a position where, if it doesn't work if you expect it to work, it will hurt you....
You Wrote: Actually, the definition of trusting something is putting the thing in a position where, if it doesn't work if you expect it to work, it will hurt...
Howdy - I'd like to invite members of this list to evaluate a Linux tool we've been developing that has numerous practical applications to data forensics. ...
Greetings, This is a bit harsh, I think. Perhaps you could get the point across a bit more diplomatically? -David ... [Non-text portions of this message have been...
... haha... you need to look at the previous thread to see the non-diplomatic way in which the Helix author made a false claim about his tool when it was...
Harry Duncan
usr.src.linux@...
Jul 12, 2008 3:45 pm
2920
Harry, Cliff et al, Before this starts off another flame war, can we please put this petty squabbling to bed. The point was made during the previous thread...
What flame war? A recommendation was made. The recommendation was vilified. When asked for proof the recommendation was false, silence ensued. When the...
Hello All, I just wanted to see if anyone has an SOP for processing Linux LVM/LVM2 or BSD Vinum volumes? I am also looking for the best approach when...
Tim Fowler
timothy.m.fowler@...
Jul 14, 2008 3:26 pm
2923
... Rumor has it that Slackware is somewhat popular as a forensics base, and I'd like to think that I'm somewhat familiar with Slackware, so maybe I can help...
Hi Has mounted several split DD images on a Windows XP SP2 platform successfully although it sometimes closed unexpectedly on a couple of occasions during the...
Hi Jason - The Linux version does the physical disk and vmdk creation, the Windows version presently does not. At some future point, we may provide a physical...
Greetings, Version 12 of the FCCU GNU/Linux Forensic Boot CD was released recently. I'm curious if anyone has any experience with it and how it compares with...
David, I have some posts, in my blog, comparing them. The posts are in Portuguese, but you can use a web translator. []s -- Tony Rodrigues, CISSP Forense...