Security Basics mailing list archives
RE: tools used to examine a computer
From: H C <keydet89 () yahoo com>
Date: Tue, 18 Feb 2003 10:02:03 -0800 (PST)
Also on the point of copying files over the network first, correct me if I'm wrong but that damages the chain of evidence.
Now so? If one collects the necessary info (ie, MAC times, NTFS ADSs, permissions, full path, etc), hashes the file (MD5 and/or SHA-1), and then copies the file over the network using something like 'dd' or type, and netcat/cryptcat, how is the chain of evidence broken? Especially if it's documented?
Have a look at the link below, goes about it a bit long winded but essentially shows how to clone a hard drive over a network connection. This can be done with Windows machines as DD and Netcat can be run from floppy on a Windows machine.
I'm not sure what you're getting at...first you make a reference to breaking the chain of evidence by copying a file, but then you talk about cloning an os over the network using dd and netcat. Wouldn't doing so also break your chain of evidence, if your reasoning is to hold? __________________________________________________ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com
Current thread:
- tools used to examine a computer Hopkins, Joshua (Feb 14)
- Re: tools used to examine a computer Chuck Swiger (Feb 14)
- Re: tools used to examine a computer Ivan Hernandez (Feb 18)
- Re: tools used to examine a computer planz (Feb 19)
- <Possible follow-ups>
- RE: tools used to examine a computer Michael Parker (Feb 14)
- RE: tools used to examine a computer Mitchell, Edmund (Feb 14)
- RE: tools used to examine a computer Nickels, Walter P (Nick), SOLCM (Feb 14)
- re: tools used to examine a computer H C (Feb 17)
- RE: tools used to examine a computer Trevor Cushen (Feb 18)
- RE: tools used to examine a computer H C (Feb 19)
- RE: tools used to examine a computer Trevor Cushen (Feb 18)
- RE: tools used to examine a computer Trevor Cushen (Feb 19)
- Checkpoint NG - SMTP Guard Features McKenzie Family (Feb 20)
- Re: Checkpoint NG - SMTP Guard Features Steve Suehring (Feb 20)
- Message not available
- Re: Checkpoint NG - SMTP Guard Features Mel (Feb 20)
- Checkpoint NG - SMTP Guard Features McKenzie Family (Feb 20)
- RE: tools used to examine a computer Trevor Cushen (Feb 20)
- RE: tools used to examine a computer H C (Feb 20)
- RE: tools used to examine a computer Robinson, Sonja (Feb 20)
- RE: tools used to examine a computer Trevor Cushen (Feb 20)
- RE: tools used to examine a computer H C (Feb 20)