Security Basics mailing list archives
Re: Digital Evidence Question - What is an effective Windows hard -disk search tool?
From: "Dana Epp" <dana () vulscan com>
Date: Wed, 18 Jun 2003 17:32:32 -0700
In a pinch you can use something like Knoppix, which will boot Linux from a CD, assuming your bios is configured to allow for CD boot. This way you don't have to strip the HD from the rest of the hardware and can still get all the information from the machine and copy/clone it to a network disk, other harddisks etc. I'm not sure if it has the NTFS fs compiled in, but it would be nothing to do that if it hasn't been. --- Regards, Dana M. Epp ----- Original Message ----- From: "Gene LeDuc" <Gene.LeDuc () tns-md com> To: "'Wilcox, Stephen'" <StephenWilcox () universalcomputersys com> Cc: <security-basics () securityfocus com> Sent: Wednesday, June 18, 2003 3:19 PM Subject: RE: Digital Evidence Question - What is an effective Windows hard -disk search tool?
If all you want to do is recover the info, you can attach the hard drive
to
a linux box and mount the NTFS partition. From that point you can browse the NTFS file system and copy any files you want. Depending on the flavor and version of linux, you may have to load an NTFS driver; I believe sourceforge has a read-only driver. If you don't have a linux box hanging around then I suppose you could also attach the drive to another MS box
and
access it natively. -----Original Message----- From: Wilcox, Stephen [mailto:StephenWilcox () universalcomputersys com] Sent: Wednesday, June 18, 2003 11:54 AM To: security-basics () securityfocus com Subject: RE: Digital Evidence Question - What is an effective Windows hard -disk search tool? Hello It funny that this discussion started in the last few days.. As Murphy would have it, last night while installing a new nic card. Something happened to the boot.ini file and corrupted it. I don't know how or why except the possibility of it writing to the boot.ini file the nic information. I don't think that this information is stored in the
boot.ini
file but maybe. Anyway the problem I ran into is that the win would not load and I couldn't recover it. (No safe mode, no fixboot, no fixmbr, nothing) I figured I would just overlay an OS on top of the old one and then recover the information, no luck the process would not perform unless
I
format. Great... If you know what I mean. I have been researching free tools to recover lost data but no real luck in a software that performs properly. I was wondering if anyone has/knows of one. Looking to recover my office files - *.xls, *.pst file and *.doc files. Stephen --------------------------------------------------------------------------
-
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm --------------------------------------------------------------------------
--
--------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ----------------------------------------------------------------------------
Current thread:
- RE: Digital Evidence Question - What is an effective Windows hard -disk search tool? Robinson, Sonja (Jun 18)
- <Possible follow-ups>
- RE: Digital Evidence Question - What is an effective Windows hard -disk search tool? Levasseur, Brian (Jun 18)
- RE: Digital Evidence Question - What is an effective Windows hard -disk search tool? Gene LeDuc (Jun 18)
- Re: Digital Evidence Question - What is an effective Windows hard -disk search tool? Dana Epp (Jun 19)
- Re: Digital Evidence Question - What is an effective Windows hard -disk search tool? Ansgar Wiechers (Jun 19)
- RE: Digital Evidence Question - What is an effective Windows hard -disk search tool? Raoul Armfield (Jun 20)
- Re: Digital Evidence Question - What is an effective Windows hard -disk search tool? Ansgar Wiechers (Jun 23)
- RE: Digital Evidence Question - What is an effective Windows hard -disk search tool? Robinson, Sonja (Jun 19)
- RE: Digital Evidence Question - What is an effective Windows hard -disk search tool? David Olivier (Jun 19)
- RE: Digital Evidence Question - What is an effective Windows hard -disk search tool? Robinson, Sonja (Jun 19)
- RE: Digital Evidence Question - What is an effective Windows hard -disk search tool? Robinson, Sonja (Jun 21)
- RE: Digital Evidence Question - What is an effective Windows hard -disk search tool? dave klimen (Jun 23)
- RE: Digital Evidence Question - What is an effective Windows hard -disk search tool? Gene LeDuc (Jun 21)
(Thread continues...)