Security Basics mailing list archives
RE: Digital Evidence Question - What is an effective Windows hard -disk search tool?
From: "Robinson, Sonja" <SRobinson () HIPUSA com>
Date: Fri, 20 Jun 2003 10:49:57 -0400
If you reformatted, don't waste your money on any product, your stuff is gone and the $75 tool isn't going to help you. Forensics tolls aren't going to help you. You're only hope is something like Ontrack and that will cost you. Even if you could recover some of the information from free space or slack space, no your files wouldn't have been readable. IF you has not reformatted and IF you had not reinstalled the O/S yes they woul;d have been readble by the original program. You're pretty much toast dude. Sorry. It is possible to reassemble files IF they are still there (99.5% chance they're hosed) but reassembly will cost you serious $$ because it takes a lot of time to do manually. Sonja Robinson, CISA Network Security Analyst HIP Health Plans Office: 212-806-4125 Pager: 8884238615 -----Original Message----- From: Wilcox, Stephen [mailto:StephenWilcox () universalcomputersys com] Sent: Thursday, June 19, 2003 12:02 PM To: Ansgar Wiechers; security-basics () securityfocus com Subject: RE: Digital Evidence Question - What is an effective Windows hard -disk search tool? Do to the lack of knowledge and impatience I formatted the drive. I now have looked at a couple recovery tools out there but they run around $75.. ouch. I will bite the bullet and get one I guess. Here is the question, once that the information is recover will the application be able to read the file again or does the file have to be reassembled by a third party? I friend said that recovery is not a probable, reassembling the information in a order so the application can read it is another thing. I have no idea on this, what is your thoughts? Stephen -----Original Message----- From: Ansgar Wiechers [mailto:bugtraq () planetcobalt net] Sent: Wednesday, June 18, 2003 6:50 PM To: security-basics () securityfocus com Subject: Re: Digital Evidence Question - What is an effective Windows hard -disk search tool? On 2003-06-18 Gene LeDuc wrote:
It funny that this discussion started in the last few days.. As Murphy would have it, last night while installing a new nic card. Something happened to the boot.ini file and corrupted it. I don't know how or why except the possibility of it writing to the boot.ini file the nic information. I don't think that this information is stored in the boot.ini file but maybe. Anyway the problem I ran into is that the win would not load and I couldn't recover it. (No safe mode, no fixboot, no fixmbr, nothing) I figured I would just overlay an OS on top of the old one and then recover the information, no luck the process would not perform unless I format. Great... If you know what I mean. I have been researching free tools to recover lost data but no real luck in a software that performs properly. I was wondering if anyone has/knows of one. Looking to recover my office files - *.xls, *.pst file and *.doc files.If all you want to do is recover the info, you can attach the hard drive to a linux box and mount the NTFS partition. From that point you can browse the NTFS file system and copy any files you want. Depending on the flavor and version of linux, you may have to load an NTFS driver; I believe sourceforge has a read-only driver. If you don't have a linux box hanging around then I suppose you could also attach the drive to another MS box and access it natively.
Most distributions provide (read-only-)access to NTFS out of the box, since it is part of the official kernel. The only exception I know of is RedHat (you have to install the driver yourself there). If you don't happen to have a Linux box you could try tomsrtbt [1] which runs from a single floppy disk. With another harddisk in the box you can easily copy the files you want to preserve onto the second harddisk. Use FAT32 as filesystem for the second harddisk so it will be read- and writable from Windows as well as from Linux. [1] http://www.toms.net/rb/ Best regards Ansgar Wiechers --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ---------------------------------------------------------------------------- ---------------------------------------- The information transmitted in this message is intended only for the person or entity to whom it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and destroy any copies of this document. --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ---------------------------------------------------------------------------- ********************************************************************** This message is a PRIVILEGED AND CONFIDENTIAL communication, and is intended only for the individual(s) named herein or others specifically authorized to receive the communication. If you are not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the sender of the error immediately, do not read or use the communication in any manner, destroy all copies, and delete it from your system if the communication was sent via email. ********************************************************************** --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ----------------------------------------------------------------------------
Current thread:
- RE: Digital Evidence Question - What is an effective Windows hard -disk search tool?, (continued)
- RE: Digital Evidence Question - What is an effective Windows hard -disk search tool? Levasseur, Brian (Jun 18)
- RE: Digital Evidence Question - What is an effective Windows hard -disk search tool? Gene LeDuc (Jun 18)
- Re: Digital Evidence Question - What is an effective Windows hard -disk search tool? Dana Epp (Jun 19)
- Re: Digital Evidence Question - What is an effective Windows hard -disk search tool? Ansgar Wiechers (Jun 19)
- RE: Digital Evidence Question - What is an effective Windows hard -disk search tool? Raoul Armfield (Jun 20)
- Re: Digital Evidence Question - What is an effective Windows hard -disk search tool? Ansgar Wiechers (Jun 23)
- RE: Digital Evidence Question - What is an effective Windows hard -disk search tool? Robinson, Sonja (Jun 19)
- RE: Digital Evidence Question - What is an effective Windows hard -disk search tool? David Olivier (Jun 19)
- RE: Digital Evidence Question - What is an effective Windows hard -disk search tool? Robinson, Sonja (Jun 19)
- RE: Digital Evidence Question - What is an effective Windows hard -disk search tool? Robinson, Sonja (Jun 21)
- RE: Digital Evidence Question - What is an effective Windows hard -disk search tool? dave klimen (Jun 23)
- RE: Digital Evidence Question - What is an effective Windows hard -disk search tool? Gene LeDuc (Jun 21)
- RE: Digital Evidence Question - What is an effective Windows hard -disk search tool? Gene LeDuc (Jun 21)
- RE: Digital Evidence Question - What is an effective Windows hard -disk search tool? Gene LeDuc (Jun 23)
- RE: Digital Evidence Question - What is an effective Windows hard -disk search tool? Robinson, Sonja (Jun 23)
- RE: Digital Evidence Question - What is an effective Windows hard -disk search tool? Robinson, Sonja (Jun 24)
- RE: Digital Evidence Question - What is an effective Windows hard -disk search tool? dave klimen (Jun 24)
- RE: Digital Evidence Question - What is an effective Windows hard -disk search tool? Clayton Hoskinson (Jun 25)
(Thread continues...)