Greetings. As you may recall from my previous research [1], it is frequently useful to compute a histogram of the email addresses on a hard drive. The most...
The PTK team is pleased to announce the openining of the first Call for Articles (CFA). PTK is an alternative advanced interface for the suite TSK (The Sleuth ...
Dear Colleague, Digital forensic professionals respond to investigations such as basic email examinations to data breach incidents. Forensic practioners are up...
... Thanks, Barry. All your effort is very much appreciated. -- Neil Marsh, CFCE, WA PI #2840 Marsh Computer Forensics, LLC PO Box 246 Chehalis WA 98532-0246...
Barry just to add to the list of thankyou's. your hard work is much appreciated here too. tip o' the hat to you. Kern [Non-text portions of this message have...
kern
kern.uk@...
Sep 7, 2008 9:52 am
2957
All, I would appreciate some help with a matter. I am looking to run a recursive hash of all files within a folder on a Program Files folder on an XP machine...
md5deep Simply mount the NTFS partition from each drive. Run md5deep recursively on the first folder and pipe to a file. Then run it against the second...
You might want to try hashdeep, part of the md5deep suite, http://md5deep.sf.net/ In particular, the audit mode may be exactly what you're looking for. To...
I have a Perl script I use for just such a purpose. It is really set up to run on Windows to capture extra information, but can be used on Linux or Mac as...
Bob, I would be interested in a copy of your Perl script if you would be so kind. Ken Pryor ... [Non-text portions of this message have been removed]...
http://bobkardell.tripod.com/ Please test them. Thanks, Bob ... From: Ken Pryor <kdpryor@...> To: linux_forensics@yahoogroups.com Sent: Sunday, September...
Hi Hopefully just a quickie for someone :) Can anyone tell me how to make 'xxd' display decimal offsets rather than hex. I have had a hunt around the man pages...
While I haven't really tried it, so forgive me if it doesn't work. Offhand, it seems like you could script it to output just like you want. Just have xxd...
... You can use FTimes to accomplish your task as follows: 1) Take a snapshot of the issue PC files: C:\> ftimes --mapauto none+hashes -l 6 "C:\Program Files"...
Garret, You can use FTimes to accomplish your task as follows: 1) Take a snapshot of the issue PC files: C:\> ftimes --mapauto none+hashes -l 6 "C:\Program...
... Hash: SHA1 Hi Stu, Doesn't look as though hexdump can either. From the gui though you can set khexedit to use offset in hex or decimal. Jon. ... Version:...
... Hmm ... maybe I've missed a post, or have a different version ... My version of hexdump shows decimal. Did I miss something? Cheers! farmerdude ...
farmerdude, As can be seen below the offsets are definitely in hex. I am using version 1.10 27oct98 which on the face of it does seem quite old. I'll see if...
... Hash: SHA1 Stu, that's the version I have, owned by vim-common 1:7.1-138+1ubuntu3 under Ubuntu 8.10.1, which is the most recent version. Thomas, you got...
Simson You could try hibernating it to create a 'sleepimage' file making use of Mac's 'Safe Sleep' function then image it as normal. There is a short...
... Hash: SHA1 http://www.osxbook.com/book/bonus/chapter8/kma Or you could acquire memory over firewire ! Jon. ... Version: GnuPG v1.4.6 (GNU/Linux) Comment:...
That's an interesting idea! So you are recommending this procedure: 1. Just close the lid of the laptop. 2. Wait a few minutes 3. Pop the battery. 4. Boot the...
That's an interesting idea! So you are recommending this procedure: 1. Just close the lid of the laptop. 2. Wait a few minutes 3. Pop the battery. 4. Boot the...
Simson "Recommending" is probably not the phrase I would have chosen, I merely offer it as a suggested workaround if you have no other options : ) and I would...
Having problems with message search?
Fill out this form to ensure your group is one of the first to be migrated to the new message search system.
