Penetration Testing mailing list archives
RE: Light forensics
From: "Boyd, Chad" <CBoyd () madden com>
Date: Mon, 18 Jan 2010 16:18:36 -0600
I use Hiren's Boot CD to recover files and do a few other things. http://www.hiren.info/pages/bootcd - Description http://www.hirensbootcd.net/ - Download Usually when a machine goes crazy, it's the first disk I reach for. Plus, the price is right. -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Felipe Martins Sent: Friday, January 15, 2010 11:38 AM To: Levenglick, Jeff Cc: Eduardo Sierra; pen-test () securityfocus com Subject: Re: Light forensics Hi, There is also a good one called "Recover My Files" which is very user friedly and also not so expensive. A trial version can be found at the official site (http://www.recovermyfiles.com/). It costs about USD$ 69,95. It works in a lot of file systems, which can be viewed here at their QuickStart Guide : http://www.recovermyfiles.com/recovery-checklist.php -- Felipe Martins Security Analyst E-mail: martins.felipe.security () gmail com Skype: martins.felipe Levenglick, Jeff wrote:
Eduardo, I'm not sure there really is such a thing as 'light'. If you are just looking to find out who deleted a file and get it back, then to me that is not really true forensics. (people do this daily) True forensics involves freezing hardware/disks for legal reasons...ect If you just want to undelete a file, there are tons of tools out there. (open source, hacker and commercial) Easiest thing is to search google or yahoo. One catch, if the file is on the pc and not on a network and someone has already used the pc since the file was deleted, then your going to have a very low percentage of getting the file back. Jeff -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Eduardo Sierra Sent: January 05, 2010 9:09 AM To: pen-test () securityfocus com Subject: Light forensics Hi, We had a security incident, and i'm doing a "light" forensics. Is there a log you can check to see IP Address Changes in a Windows XP Box? Any good free tool to undelete files? Many thanks, Eduardo Sierra ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------ ----------------------------------------- This e-mail message is private and may contain confidential or privileged information. ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------ ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Light forensics Eduardo Sierra (Jan 06)
- Re: Light forensics Alonso Caballero Quezada / ReYDeS (Jan 11)
- Re: Light forensics Wim Remes (Jan 11)
- Re: Light forensics Tom Ritter (Jan 11)
- Re: Light forensics Adrian Puente Z. (Jan 11)
- Re: Light forensics H. Kurth Bemis (Jan 11)
- RE: Light forensics Levenglick, Jeff (Jan 11)
- RE: Light forensics Dave Kleiman (Jan 11)
- Re: Light forensics Felipe Martins (Jan 18)
- RE: Light forensics Boyd, Chad (Jan 18)
- Re: Light forensics Adel Abushaev (Jan 11)