Security Basics mailing list archives

RE: Forensic tool to recommend?


From: "ragdelaed" <ragdelaed () gmail com>
Date: Wed, 30 May 2007 19:52:41 -0400

I would think you wanted read-only if you were conducting a forensic
examination, right? Or am I reading this wrong?

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Erik Luken
Sent: Wednesday, May 30, 2007 3:58 PM
To: security-basics () securityfocus com
Subject: Re: Forensic tool to recommend?

Biggest issue I've noticed here is that Helix does not recognize SATA
CD-ROMs. Booting from such, you get a limited read-only usage.

----- Original Message ----- 
From: "Richard Lane" <lane.security () gmail com>
To: <security-basics () securityfocus com>
Sent: Wednesday, May 30, 2007 7:55 AM
Subject: Re: Forensic tool to recommend?



I recommend the HELIX LiveCD distro. It has both Windows and Linux "sides"
- booting from cold will give access to the Linux toolset, however loading
the CD in Windows provides access to a variety of Windows tools.

http://www.e-fense.com/helix/

Good luck

Richard



From: Fabio Cerullo <fcerullo_at_gmail.com>
Date: Tue, 29 May 2007 07:53:28 +0100

Hi All,
I am evaluating some tools for gathering evidence in Linux and Windows
distros.
In particular I am interested in recovering files/folders which have
been deleted "accidentally" from the PC.
I am aware there are some Live CDs with Linux installed that could
mount a drive and try to recover those files but don't know any one in
particular.
Any help will be really appreciated.
Thank you very much.
Greetings,
Fabio



