Full Disclosure mailing list archives

Re: Forensic help?

From: Red Leg <redleg18 () gmail com>
Date: Mon, 12 Sep 2005 10:11:24 -0400

On 9/11/05 8:21 PM, "Paul Schmehl" <pauls () utdallas edu> wrote:

Download the knoppix std distro and burn it to a cd.  Use dcfldd for drive
imaging and the forensics tools for recovery of erased files and the like.


Paul.

Does dcfldd allow me to mirror the disk in such a manner as to include
deleted files? I can not swap drives. I need to obtain an image with which I
can "undelete" files that were conventionally erased.

Will dcfldd provide such an image?


Thanks!


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Forensic help? Red Leg (Sep 11)
- Re: Forensic help? KF (lists) (Sep 11)
  - RE: Forensic help? dave kleiman (Sep 11)
- Re: Forensic help? Jason Coombs (Sep 11)
- Re: Forensic help? Paul Schmehl (Sep 11)
  - Re: Forensic help? Red Leg (Sep 11)
  - Re: Forensic help? Red Leg (Sep 12)
    - Message not available
    - Re: Forensic help? Ragone_Andrew (Sep 12)
    - Re: Forensic help? KF (lists) (Sep 12)
    - Re: Forensic help? fd (Sep 12)
    - Re: Forensic help? Paul Schmehl (Sep 12)
    - Re: Forensic help? als (Sep 12)
- Re: Forensic help? Red Leg (Sep 11)
- Re: Forensic help? Christophe Garault (Sep 12)
- <Possible follow-ups>
- RE: Forensic help? James Wicks (Sep 11)
  - Re: Forensic help? Andrew Farmer (Sep 11)
- RE: Forensic help? Sims Brian (Sep 12)

(Thread continues...)