Simson You could try hibernating it to create a 'sleepimage' file making use of Mac's 'Safe Sleep' function then image it as normal. There is a short...
... http://www.osxbook.com/book/bonus/chapter8/kma Or you could acquire memory over FireWire! Jon. ...
That's an interesting idea! So you are recommending this procedure: 1. Just close the lid of the laptop. 2. Wait a few minutes 3. Pop the battery. 4. Boot the...
Simson "Recommending" is probably not the phrase I would have chosen, I merely offer it as a suggested workaround if you have no other options : ) and I would...
Simson I found a further article here: http://brockwoolf.com/safe-sleep-guide-for-mac-os-x It would appear that 'Safe Sleep' and 'Secure Virtual Memory' do not...
I am happy to announce the following: 1. /private/var/vm/sleepimage is in fact a copy of the Macintosh Laptop's memory, as it was when the mac went to sleep...
... Simson, Yes, I have got it working. More reliably on *nix target systems than Windows. (Windows Forensic Analysis by Harlan Carvey) Ideally use...
Can anyone advise on how I compare the contents of folders using 'md5deep'. I have four folders each of which are the contents of restored dat tapes. I suspect...
Stuart - I haven't verified this method, but shooting from the hip, can you tar the 4 folders and then use md5 on the resulting tarballs? This should tell you...
To identify missing or modified files: md5deep -r -x [hash list file] -n [target directory] To identify added or modified files: md5deep -r -x [hash list file]...
kelly bwc
kelly.bwc@...
Oct 15, 2008 6:05 pm
2987
You can use FTimes to accomplish your task as described in the steps below. This approach requires FTimes 3.8.0 or higher and ftimes-xformer 1.12 or higher....
... This procedure may not work. If the computer, for whatever reason, decides to tar the files in a different order, even identical files might create...
... These command lines are exactly right, thank you! ... Yes. I wrote hashdeep so that you wouldn't need two command lines to test the integrity of a...
Jesse - I didn't even think about that with tar. Thanks for the feedback on that. BTW ... just found foremost this week and have used it already. Thanks for...
Hi, I'm looking for a PyFlag VMware appliance, but couldn't find it yet. Could anyone help me with this? Thanks in advance -- Tony Rodrigues, CISSP, CFCP ...
... I do not think there is one! At least not that I am aware of. I suppose you could always suggest this to Michael Cohen, the author. Jon. ... ...
Thank you, Jon. I was afraid of that. Well, I will wait one or two more days, and if nobody has a clue, I will proceed and ask him. Thanks, Tony ... -- Tony...
Good morning, I have what should be an image of a reconstructed RAID 1+0 array from a FreeBSD system. RAID Reconstructor "blessed" one particular configuration...
Greetings. Are there any good log file analysis tools that people are using for forensic or incident response? I have heard that some people are using...
I've run some trials with Sawmill. It is commercial, flexible and it natively covers a large number of log formats. http://www.sawmill.net/index.html. ...
Brewis, Mark
mark.brewis@...
Nov 3, 2008 9:25 am
2998
however Win32, but my logparser of choice is the free Microsoft LogParser 2.2 ...
Hi Simson, Since you sent this to the Linux Forensics group I'm presuming you're looking for A) tools to analyze log files common to the Linux operating system...
I'm not familiar with Delve or grokevt. Can you provide URLs? In general, most of the programs I've seen do parsing, but do not do detailed correlation,...