Full Disclosure mailing list archives

Re: Full-disclosure Digest, Vol 7, Issue 25

From: druid () stonedcoder org
Date: Mon, 12 Sep 2005 01:29:18 -0400 (EDT)

Purchase? no. You can dd the drive and use a utility to recognize fileswithin the unallocated space, I just had to do this a couple nights agoso:


(on system you want to copy)
dd if=/dev/hda | nc otherhost 5000

(on your lappy or whatever)
nc -l -p 5000 | dd of=./blah

I was copying from one partition on an old disk to an unpartitioned spaceon another disk in another machine, there are a bunch of ways of doingthis but that is a quick and dirty way of copying the readable data on a

drive to another location. You are on your own as far as finding deleted
files, but there are programs available. BTW you can mount that file like

a drive! Read the dd man page and remember "-" == stdin/stdout. I hopethis was useful, I just remembered you asked for a commercial solution forthis implying a lack of linux foo so if this is totally greek I appologize.

BTW: nc == netcat, and you can use a similar trick with tar if you have noneed to find deleted files later. Useful for the sys admins out there, ORuse with ssh for a cheap and dirty crypted file transfer solution (but whynot just use scp..)


--druid

P.S. I am only sharing this because I just had to use this trick (andfailed with the dd btw but thats another issue entirely) and it is prettyhandy for moving data around using a boot cd and a NIC.

Message: 11
Date: Sun, 11 Sep 2005 18:33:43 -0400
From: Red Leg <redleg18 () gmail com>
Subject: [Full-disclosure] Forensic help?
To: <full-disclosure () lists grok org uk>
Message-ID: <BF4A2907.8BD0%redleg18 () gmail com>
Content-Type: text/plain;       charset="US-ASCII"

Hi all.

I was wondering if anyone knows of a program/system that I can purchase, as
a private individual, that will allow me to

1) mirror a hard drive on location and

2) take that mirror and restore it to another drive. And

3) Find any CONVENTIONALLY erased files?

-- This would be either a Windows NTFS or FAT32 drive.

Anyone have first hand experience? Please let me know, if you do. In ANY
case, please suggest whatever you might have learned even without first hand
experience.

Thanks!

Redleg18

------------------------------

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

End of Full-Disclosure Digest, Vol 7, Issue 25
**********************************************

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: Full-disclosure Digest, Vol 7, Issue 25 druid (Sep 12)
- Re: Re: Forensics help? Red Leg (Sep 12)
  - Re: Re: Forensics help? druid (Sep 12)
    - Re: Re: Forensics help? fd (Sep 12)
  - Re: Re: Forensics help? Paul Robertson (Sep 13)
    - Re: Re: Forensics help? Red Leg (Sep 13)
- Re: Re: Full-disclosure Digest, Vol 7, Issue 25 fd (Sep 12)
  - Re: Re: Full-disclosure Digest, Vol 7, Issue 25 Gary E. Miller (Sep 12)
    - Re: Re: Full-disclosure Digest, Vol 7, Issue 25 fd (Sep 13)
    - Re: Re: Full-disclosure Digest, Vol 7, Issue 25 Gary E. Miller (Sep 13)
    - Re: Re: Full-disclosure Digest, Vol 7, Issue 2 Gary E. Miller (Sep 13)

(Thread continues...)