Full Disclosure mailing list archives
Re: Forensic help?
From: Paul Schmehl <pauls () utdallas edu>
Date: Mon, 12 Sep 2005 10:08:52 -0500
--On Monday, September 12, 2005 10:11:24 -0400 Red Leg <redleg18 () gmail com> wrote:
Yes. dcfldd is a bit for bit copy of the drive. All bits, including deleted files, etc., are included.Does dcfldd allow me to mirror the disk in such a manner as to include deleted files? I can not swap drives. I need to obtain an image with which I can "undelete" files that were conventionally erased. Will dcfldd provide such an image?
Paul Schmehl (pauls () utdallas edu) Adjunct Information Security Officer University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu/ir/security/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Forensic help? Red Leg (Sep 11)
- Re: Forensic help? KF (lists) (Sep 11)
- RE: Forensic help? dave kleiman (Sep 11)
- Re: Forensic help? Jason Coombs (Sep 11)
- Re: Forensic help? Paul Schmehl (Sep 11)
- Re: Forensic help? Red Leg (Sep 11)
- Re: Forensic help? Red Leg (Sep 12)
- Message not available
- Re: Forensic help? Ragone_Andrew (Sep 12)
- Re: Forensic help? KF (lists) (Sep 12)
- Re: Forensic help? fd (Sep 12)
- Re: Forensic help? Paul Schmehl (Sep 12)
- Re: Forensic help? als (Sep 12)
- Re: Forensic help? KF (lists) (Sep 11)
- <Possible follow-ups>
- RE: Forensic help? James Wicks (Sep 11)
- Re: Forensic help? Andrew Farmer (Sep 11)
- RE: Forensic help? Sims Brian (Sep 12)
- Re: Forensic help? James Wicks (Sep 12)
- Re: Forensic help? Nick FitzGerald (Sep 12)
- Re: Forensic help? Paul Robertson (Sep 16)
- Re: Forensic help? James Wicks (Sep 12)