Good morning, I have what should be an image of a reconstructed RAID 1+0 array from a FreeBSD system. RAID Reconstructor "blessed" one particular configuration...
Greetings. Are there any good log file analysis tools that people are using for forensic or incident response? I have heard that some people are using...
I've run some trials with Sawmill. It is commercial, flexible and it natively covers a large number of log formats. http://www.sawmill.net/index.html. ...
Brewis, Mark
mark.brewis@...
Nov 3, 2008 9:25 am
2998
however Win32, but my logparser of choice is the free Microsoft LogParser 2.2 ...
Hi Simson, Since you sent this to the Linux Forensics group I'm presuming you're looking for A) tools to analyze log files common to the Linux operating system...
I'm not familiar with Delve or grokevt. Can you provide URLs? In general, most of the programs I've seen do parsing, but do not do detailed correlation,...
Hi all, I'm trying to figure out how to create a directory of symbolic links from a list of files. For example, if I wanted to create a file list of all...
I am on my way out of the door right now, but my first inclination is the use of xargs with ln I will write up a command when I get to a nix box. Jason...
... Stuart, Revisiting an old thread, have you tried dcat from the sleuthkit e.g. dcat -f raw 32mb.dd 0 -h Also converting hex to decimal is quite...
On Fri, 7 Nov 2008 10:20:39 -0800 ... Have a look at Slackware's makepkg(8) utility. It walks through a package DESTDIR, removes the symlinks from it, and...
I got most of the way there, only I need to deal with the dupe filenames still: # find /home/user/ -type f -exec file {} \; | grep -i image | cut -f1 -d: |...
... John, A couple of points to ponder: 1) You might want to use "xargs" for the file command instead of "-exec". The find command is most useful with -exec...
Thanks RW for the pointer. I'll take a look. ______________________________________ John Lehr Evidence Technician San Luis Obispo Police Department 1042...
Thanks, Barry. I had planned on using xargs with file when I saw how my command was working. I have since modified the command with "xargs -0 ln -s ..." for...
... Are you sure you'd want to *eliminate* the duplicates? Having duplicate file names does not mean you have duplicate data. It would probably be better to...
Yeah, if it were me I'd send the output of the find command to a file and then sort | uniq -c | sort -rn to see if there were any dups. There shouldn't be any...
If you want to eliminate duplicates, instead of keying on file name, consider using the file's hash value. You could have the script (or another script)...
Hi All, I'm glad to announce this new Linux Forensics Live Distro: http://www.caine-live.net/en/index.html CAINE (Computer Aided INvestigative Environment) is...
John, I haven't checked this mail in a while, hopefully it's not too late for you. 1) -exec will be very inefficient, you should pipe them to xargs for better...
Recently there were several postings which discussed the use of the find and the xargs command. I would like to point out that there is a significant security...
Hi All, I am the program director for Computer Forensics at a college in Minnesota. I would like to ask anyone here willing to serve on our advisory committee....
Hi Stevens, The college is Century College but I was more interested in contacting those who are interested regardless of the college. We are the largest 2...
Hello, Rapier is a forensics data carver written for Linux. To put it simply, it looks for file headers and footers. Once it identifies the file...
maillist@...
Dec 1, 2008 11:14 pm
3020
I am looking for ideas on what to do with www.opensourceforensics.org. It is currently a manual process to edit the raw HTML files and add the needed data...
Hi Guys, If you record a DVD on a hardware DVD recorder using DVD +R or DVD -R media instead of RW media, the DVD recorder cannot go back and write the disc...
Harry Duncan
usr.src.linux@...
Dec 2, 2008 8:06 am
3022
Drupal is a good CMS, or Joomla. In both CMS there are many possibilities to integrate a forum or to use a bibliography. In Drupal there is a possibility for...
Brian, I will volunteer for that. I was just actually working on the creation of an open source (code and technology) law enforcement association, to include...
... Count me in! If I can help I will. Have you considered a wikipedia section? Jon. ...