Re: Digital Evidence Question - What is an effective Windows hard -disk search tool?

["Dana Epp" <dana () vulscan com>]

In a pinch you can use something like Knoppix, which will boot Linux from a
CD, assuming your bios is configured to allow for CD boot. This way you
don't have to strip the HD from the rest of the hardware and can still get
all the information from the machine and copy/clone it to a network disk,
other harddisks etc.

I'm not sure if it has the NTFS fs compiled in, but it would be nothing to
do that if it hasn't been.

---
Regards,
Dana M. Epp


----- Original Message ----- 
From: "Gene LeDuc" <Gene.LeDuc () tns-md com>
To: "'Wilcox, Stephen'" <StephenWilcox () universalcomputersys com>
Cc: <security-basics () securityfocus com>
Sent: Wednesday, June 18, 2003 3:19 PM
Subject: RE: Digital Evidence Question - What is an effective Windows
hard -disk search tool?


> If all you want to do is recover the info, you can attach the hard drive
to
> a linux box and mount the NTFS partition.  From that point you can browse
> the NTFS file system and copy any files you want.  Depending on the flavor
> and version of linux, you may have to load an NTFS driver; I believe
> sourceforge has a read-only driver.  If you don't have a linux box hanging
> around then I suppose you could also attach the drive to another MS box
and
> access it natively.
>
> -----Original Message-----
> From: Wilcox, Stephen [mailto:StephenWilcox () universalcomputersys com]
> Sent: Wednesday, June 18, 2003 11:54 AM
> To: security-basics () securityfocus com
> Subject: RE: Digital Evidence Question - What is an effective Windows
> hard -disk search tool?
>
>
> Hello
>
> It funny that this discussion started in the last few days..  As Murphy
> would have it, last night while installing a new nic card.  Something
> happened to the boot.ini file and corrupted it. I don't know how or why
> except the possibility of it writing to the boot.ini file the nic
> information.  I don't think that this information is stored in the
boot.ini
> file but maybe.  Anyway the problem I ran into is that the win would not
> load and I couldn't recover it.  (No safe mode, no fixboot, no fixmbr,
> nothing)  I figured I would just overlay an OS on top of the old one and
> then recover the information, no luck the process would not perform unless
I
> format.  Great...  If you know what I mean.  I have been researching free
> tools to recover lost data but no real luck in a software that performs
> properly.  I was wondering if anyone has/knows of one.  Looking to recover
> my office files - *.xls, *.pst file and *.doc files.
>
> Stephen
>
> --------------------------------------------------------------------------
-
> Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
> The Gartner Group just put Neoteris in the top of its Magic Quadrant,
> while InStat has confirmed Neoteris as the leader in marketshare.
>
> Find out why, and see how you can get plug-n-play secure remote access in
> about an hour, with no client, server changes, or ongoing maintenance.
>
> Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
> --------------------------------------------------------------------------
--
>


---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.
     
Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.
          
Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------