Security Basics mailing list archives
RE: Initial Machine login - Computer Forensics 101
From: "David Gillett" <gillettdavid () fhda edu>
Date: Mon, 4 Feb 2008 09:23:36 -0800
Making the copy is the FIRST approach. In fact, make TWO copies -- one to save, and one to analyze. Hubby may want his laptop back, and it doesn't sound like you have any legal basis to hold onto it. There are tools that will let you set the Administrator password and log in. But that immediately opens the question of what things on the drive are the result of hubby's actions, and which of YOURS. If there's any chance of someone wanting your findings to be given as courtroom evidence, you don't want that to be in question. Ideally, you want to be able to give the opposing legal team their own copy of the drive image as you received it, so they can have their own analysis done. (Hopefully, they'll come up with near enough the same results you did that the matter won't have to go to trial.) David Gillett
-----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Michael Condon Sent: Saturday, February 02, 2008 8:15 PM To: security-basics () securityfocus com Subject: Initial Machine login - Computer Forensics 101 Here is a Computer Forensics 101 question. Suppose a distraught woman comes to me with her husband's laptop and wants me to search it for information about a suspected marital indescretion. 1. Assuming it is an XP/Vista machine, how can I log in as administrator? 2. Is the second approach to make a bistream copy of the hard drive using an external USB har drive enclosure and proceed that way?
Current thread:
- Re: Initial Machine login - Computer Forensics 101, (continued)
- Re: Initial Machine login - Computer Forensics 101 Danyelle Gragsone (Feb 04)
- Re: Initial Machine login - Computer Forensics 101 Ansgar -59cobalt- Wiechers (Feb 04)
- RE: Initial Machine login - Computer Forensics 101 Worrell, Brian (Feb 04)
- Re: Initial Machine login - Computer Forensics 101 Michael Condon (Feb 04)
- RE: Initial Machine login - Computer Forensics 101 Worrell, Brian (Feb 05)
- RE: Initial Machine login - Computer Forensics 101 Murda Mcloud (Feb 05)
- RE: Initial Machine login - Computer Forensics 101 Steven Bonici (Feb 06)
- RE: Initial Machine login - Computer Forensics 101 Craig Wright (Feb 08)
- Re: Initial Machine login - Computer Forensics 101 Michael Condon (Feb 04)