Full Disclosure mailing list archives

Re: Hard drive images


From: ldreamer <ldreamer () pisem net>
Date: 06 Aug 2003 16:08:38 +1200

On Wed, 2003-08-06 at 10:26, Craig Pratt wrote:
On Tuesday, Aug 5, 2003, at 13:23 US/Pacific, Ron DuFresne wrote:
On Tue, 5 Aug 2003, David Hayes wrote:

Our old standby, "dd", is perfectly acceptable for making an image of
a hard drive to be used in court.  It's even the #1 choice of the FBI,
and accepted by U.S. federal courts.  From the trial court order on
admission of evidence in the case of Zacarias Moussaoui (the accused
20th hijacker of 9/11):


Interesting, I would have thought that the original was required for the
courts, and that forensics was conducted on the copy.

Thanks,

Ron DuFresne

I believe there are ways to recover data at the physical/magnetic level
- magnetic remnants of previously-deleted data, for instance - which
would require access to the original platters. I read an article about
this somewhere - would have to be SciAm or /.

Peter Gutmann has written a nice paper on data recovery of this very
nature; it can be found at:
http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html

--
Ldreamer

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

