Security Basics mailing list archives

Re: dd vs windows...


From: "Jon Wallace" <jon () b69ca com>
Date: Wed, 9 Aug 2006 19:09:18 -0400


Hi,

There is a nice program called Drive Snapshot (http://www.drivesnapshot.de/en/). This tool allows you to take an image of a machine whilst it's running. What's more, if you change things (install software, etc.) whilst the imaging is in process, the new additions are not part of the image.

I would then take this image and restore it to a virtual machine (VMware / MS VPC), on which you can then do all of the forensics you wish. Taking this to the next level, you could kick this off remotely with a low priority and take an image of a PC without the user even knowing.

Hope this helps,
Jon Wallace

AppSense - http://www.appsense.com

-----
AppSense Application Manager is a set and forget solution when it comes to stopping unauthorized executables - stopping malware, spyware and unwanted applications.
-----


----- Original Message ----- From: "Marios A. Spinthiras" <mario () netway com cy>
To: <security-basics () securityfocus com>
Sent: Wednesday, August 09, 2006 2:02 AM
Subject: Re: dd vs windows...



There is an easier way over the network if you are interested. Try: http://udpcast.linux.lu. I've been using it for years and it's been proven to be worthy for what it does.


Regards,
Marios A. Spinthiras



On Mon, 07 Aug 2006 06:41:30 +0300, Murda Mcloud <murdamcloud () bigpond com> wrote:



Hi all,
I have a Windows XP machine that I want to take a binary image of. Can I
boot into Knoppix on this same machine and use it to dump the binary onto a
DVD/CD? I'm guessing this would depend on whether I could get support for my
DVD writer.




---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------




--
Using Opera's revolutionary e-mail client: http://www.opera.com/mail/





