An extremely simple way of doing this which is available to someone of even low skill is just to connect up a DV Handycam. While normally you would connect it...
I don't suppose there is an easy way to figure out if someone saved 'what files' to a floppy on a particular day, or days? System is Win98 Most all files were...
I thought this would be really easy when I quoted doing this for a client in support of a deposition, but now I'm flummoxed! The client asked for a report...
Steve Fowler
sfowler@...
Jun 3, 2004 8:02 pm
627
I'd be tempted to restore the drive, slave it, and wipe the deleted files off it. Afterwards do your searches on that then compare what file hits you got off...
Ian -- That's very close to one of things I have done so far... but very time consuming, one-by-one processing. Anyone know about a UTILITY that takes a list...
Steve Fowler
sfowler@...
Jun 3, 2004 8:19 pm
629
This seems simple so maybe I'm missing the point of the question. What's wrong with "find . -type f -exec egrep -c -H -f search_terms.txt {} \; " or even ...
... This is good, but depends upon the '-r' (recursive) option of (GNU) fgrep. If -r is supported, you're good to go. In older Linux's and on other Un*x's you...
... ... Thanks for the extended info, but searching through the GNU grep changelog yields the following: 1998-08-18 Paul Eggert Add support for new -r or...
I just tried that Rich and for some reason it didn't work too well, or at least I think it didn't. I did also just search for A:\ and of course got loads of...
OK... How about the Recent Docs list, should be in the registry (I think the key is something like MRU). If it was on the C then saved to the then it might be...
... [...] ... True. :) But sometimes you'll be called into an existing installation, which runs some combination of older systems and software and you won't be...
Thanks Rich, Most all files though were opened by the company tech people and it is this which is causing me the headaches (them changing everything). The...
Ian - The primary diff is one of primary colors: *yellow book* is for data, *red book* is for music!! ;-) Try this link for an educational synopsis: ...
Steve Fowler
sfowler@...
Jun 7, 2004 8:18 pm
641
I'm in the market for a new laptop for forensics purposes, and am interested in something with FireWire 800. It seems to me that the newish PowerBooks would...
... I use this exact setup (as one piece of my analysis lab) - what would you like to know? Cory Altheide Senior Network Forensics Specialist NNSA Information...
Cory, Since Darwin is a BSD variant, how do you run your MD5 (or a variant) on the target drive? What command do you use? say if you had a USB drive attached,...
... For entire drives: md5sum /dev/rdisk? For individual volumes: md5sum /dev/rdisk?s? I use rdisk instead of disk, even though I've never received differing ...
Thanks Cory.....but there's no md5sum command with FreeBSD apparently. So that won't work. I know how to do it under linux, which is generally the same as you...
I also use the Mac OS X on a 17" PowerBook to do forensics as one of my tools. I also use md5 and openssl md5. If you already have the Mac there is a man page...
Cory, I already tried it, but it doesn't seem to work. md5 -s /dev/da0 But no MD5 was returned. Thanks though. Tony. ... Free just uses 'md5' - md5sum is the...
I was in court today regarding this drive and those missing '.lnk' I mentioned below were caused because at one time the computer was networked through a...