Full Disclosure mailing list archives
RE: Forensic help?
From: "dave kleiman" <dave () isecureu com>
Date: Sun, 11 Sep 2005 19:37:16 -0400
KF, Is that a financial decision? Anyone can purchase EnCase. You can mirror it with DD, if you are familiar with it, it is free. Best bang for the buck for imaging a drive, and recovering files and even partitions is R-tools r-tt.com: You would want Drive Image ($49) http://www.drive-image.com/ and R-UNDELETE ($55) http://www.r-undelete.com/. If you need to do the recovery across a network R-studio is ($179) Look here at the bottom of the page to see what each can do: http://www.data-recovery-software.net/ Cheers! __________________________________________________ Dave Kleiman, CAS,CIFI,CISM,CISSP,ISSAP,ISSMP,MCSE www.SecurityBreachResponse.com www.ComputerForensicInvestigations.com
-----Original Message----- From: KF (lists) [mailto:kf_lists () digitalmunition com] Sent: Sunday, September 11, 2005 22:01 To: full-disclosure () lists grok org uk Subject: Re: [Full-disclosure] Forensic help? http://www.sleuthkit.org/ I am not sure how courtroom safe it is. I have had someone suggest to me that choosing sleuthkit was not sanctioned by the xyz blah blah court of bleh (suggesting to use encase instead). As a private individual obviously encase is most likely not an option. -KF Red Leg wrote:Hi all. I was wondering if anyone knows of a program/system that I can purchase, as a private individual, that will allow me to 1) mirror a hard drive on location and 2) take that mirror and restore it to another drive. And 3) Find any CONVENTIONALLY erased files? -- This would be either a Windows NTFS or FAT32 drive. Anyone have first hand experience? Please let me know, if you do. In ANY case, please suggest whatever you might have learnedeven withoutfirst hand experience. Thanks! Redleg18 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Forensic help? Red Leg (Sep 11)
- Re: Forensic help? KF (lists) (Sep 11)
- RE: Forensic help? dave kleiman (Sep 11)
- Re: Forensic help? Jason Coombs (Sep 11)
- Re: Forensic help? Paul Schmehl (Sep 11)
- Re: Forensic help? Red Leg (Sep 11)
- Re: Forensic help? Red Leg (Sep 12)
- Message not available
- Re: Forensic help? Ragone_Andrew (Sep 12)
- Re: Forensic help? KF (lists) (Sep 12)
- Re: Forensic help? fd (Sep 12)
- Re: Forensic help? Paul Schmehl (Sep 12)
- Re: Forensic help? als (Sep 12)
- Re: Forensic help? KF (lists) (Sep 11)