Security Basics mailing list archives

Re[2]: Forensic tool to recommend?


From: Adam Pal <pal_adam () gmx net>
Date: Wed, 30 May 2007 19:26:47 +0200

Hello

Personally I don't like EnCase; I consider it too expensive and too hard
to use if you are just interested in recovering some data.
You can have a look at ForensicToolKit at
http://www.accessdata.com/common/pagedetail.aspx?PageCode=homepage
which is really cheaper than EnCase,
or if you like to go the cheap way, you can use a Helix-Linux
( http://www.e-fense.com/helix/ ), which is a hybrid, meaning it can
also be used from Windows (but just certain tools).
There you have foremost, which you can greatly use to recover files.
Autopsy is mostly for analysing a dead system, i.e. having an image (like
dd) and analyzing that one for particular data blocks, where it requires
some background to use it or gather some information.
Personally I don't think that Autopsy itself will restore any files;
foremost can do that.



-- 
Best regards,
 Adam Pal   

Tuesday, May 29, 2007, 10:59:30 PM, you wrote:

<==============Original message text===============
CM> LiveCD:
CM> http://www.remote-exploit.org/backtrack_download.html
CM> You'll probably have the best luck with: Autopsy

CM> Expensive forensics tool:
CM> http://www.guidancesoftware.com/products/ef_index.aspx

CM> -los

CM> On 5/29/07, Fabio Cerullo <fcerullo () gmail com> wrote:
Hi All,

I am evaluating some tools for gathering evidence in Linux and Windows distros.

In particular I am interested in recovering files/folders which have
been deleted "accidentally" from the PC.

I am aware there are some Live CD's with Linux installed that could
mount a drive and try to recover those files but don't know anyone in
particular.

Any help will be really appreciated.

Thank you very much.

Greetings,

Fabio


<===========End of original message text===========

