Security Basics mailing list archives
Re: dd vs windows...
From: bloo () inkme org
Date: Wed, 9 Aug 2006 15:08:34 -0400
if you are doing this as part of something that may ever ever ever need to be defended in a legal arena (even just to be used as a threat by an attorney) then you need to take quite a few steps to make it a legitimate image. you need to keep record of the chain of custody of the hard drive in question, you need to run an md5 hash of the drive before you dd it, run the hash after you dd it, etc.... long story short, you should have a second system to do the imaging and if at all possible, don't put the imaged drive back into service. put the image on another drive and return that one. keep the original in a safe deposit box somewhere.
there are numerous texts available to cover that aspect of imaging. just remember that at that point, you are assuming the responsibility for every dollar involved in any potential legal action not to mention opening yourself up for liability should something go wrong. this may sound extreme but keep in mind, should this image be used to fire somebody, they have every right to sue the employer for something like wrongful termination and everything you have done for a little internal investigation will be moved into open court.
hope that helps. b. On Aug 8, 2006, at 11:46 PM, Murda Mcloud wrote:
Thanks for the suggestions- iwas wondering about doing a copy for anyevidence gathering that might be needed-does it always have to be done from another machine? Which is why I was wondering whether doing it via knoppixmight be no good. -----Original Message----- From: Sebastian Zdrojewski [mailto:en3py () itvc net] Sent: Wednesday, August 09, 2006 6:31 AM To: security-basics () securityfocus com Subject: R: dd vs windows... Hi,I wonder what is the copy for. If you need a backup copy for disaster-likerecovery you might want to consider ASR function available within the NtBackup utility.If you want to clone the machine, well, then you might consider syspreputility or some 3rd party utility, since that each time you install a computer device you also need to generate a Security ID (SID) for thatdevice, of course w/o touching the licensing issues (each time you want to install an OEM version of the OS you should consider using the OEM builderutilities or similar programs). Those are my 10cents :) Sincerely En3pY -----Messaggio originale----- Da: Murda Mcloud [mailto:murdamcloud () bigpond com] Inviato: lunedì 7 agosto 2006 5.42 A: security-basics () securityfocus com Oggetto: dd vs windows... Hi all,I have a windows xp machine that I want to take a binary image of. Can I boot into knoppix on this same machine and use it to dump the binary onto a dvd/cd? I'm guessing this would depend on whether I could get support for mydvd writer.---------------------------------------------------------------------- -----This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINEThe NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree,without disrupting your career or home life. http://www.msia.norwich.edu/secfocus---------------------------------------------------------------------- ------- No virus found in this incoming message. Checked by AVG Free Edition.Version: 7.1.405 / Virus Database: 268.10.7/411 - Release Date: 07/08/2006---------------------------------------------------------------------- -----This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINEThe NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree,without disrupting your career or home life. http://www.msia.norwich.edu/secfocus---------------------------------------------------------------------- --------------------------------------------------------------------------- -----This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINEThe NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree,without disrupting your career or home life. http://www.msia.norwich.edu/secfocus---------------------------------------------------------------------- -----
--------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- dd vs windows... Murda Mcloud (Aug 08)
- Re: dd vs windows... Chris Largret (Aug 08)
- R: dd vs windows... Sebastian Zdrojewski (Aug 08)
- RE: dd vs windows... Murda Mcloud (Aug 09)
- Re: dd vs windows... bloo (Aug 10)
- RE: dd vs windows... Murda Mcloud (Aug 09)
- Re: dd vs windows... Marios A. Spinthiras (Aug 09)
- Re: dd vs windows... Jon Wallace (Aug 10)
- Re: dd vs windows... Robert . Graham (Aug 10)
- Re: dd vs windows... Pablo Sanz Mercado (Aug 09)