Security Basics mailing list archives

Re: Digital Evidence Question - What is an effective Windows hard-disk search tool?


From: Ansgar Wiechers <bugtraq () planetcobalt net>
Date: Sat, 21 Jun 2003 02:28:19 +0200

Raoul,

On 2003-06-19 Raoul Armfield wrote:
> From: Gene LeDuc [mailto:Gene.LeDuc () tns-md com]
> Sent: Wednesday, June 18, 2003 6:20 PM
>
> If all you want to do is recover the info, you can attach the hard
> drive to a linux box and mount the NTFS partition.  From that point
> you can browse the NTFS file system and copy any files you want.
> Depending on the flavor and version of linux, you may have to load an
> NTFS driver; I believe sourceforge has a read-only driver.  If you
> don't have a linux box hanging around then I suppose you could also
> attach the drive to another MS box and access it natively.
>
> Let me start by saying I have learned a lot from this list.  However,
> my question now is, why do so many of you try to solve everything
> using linux.  I realize that linux is an excellent OS and a true NOS
> however, in this case isn't that like going to points C and D to get
> from A to B?

Not necessarily.

> Like Chris Berry said and Gene LeDuc conceded, simply drop it into a
> Win2K box as a slave and copy the files. Worse come to worse you take
> ownership of the files in question (you do have admin rights on a
> Win2K box right?)

This is one option. Using Linux is another one (especially if you don't
happen to have another Win2k box or are - for some reason - unable or
unwilling to remove the harddisk from the box). In cases like that you
could try booting Linux from a floppy or a CD, get the network interface
up and copy the files over the network.

> Sometimes we get lost in the simplicity of the answer.  No need to
> load NTFS drivers in linux.

There is most likely no need to do that. Most distributions come with
built-in NTFS support so the only thing you have to do is mount the
filesystem.

Regards
Ansgar Wiechers
