Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Forensic help?

From: Paul Robertson <compuwar () gmail com>
Date: Fri, 16 Sep 2005 14:05:25 -0400
On 9/12/05, Nick FitzGerald <nick () virus-l demon co uk> wrote:

Anyway, much as I am an _only very occasional_ user of Ghost, I don't
think I've ever used it NOT to make a sector-level, or raw disk image,
style drive copy.  However, as I last used it so long ago, I decided to
check I was not mis-remembering -- two seconds at Google turned up this
URL discussing "...the Ghost switches to use for forensic imaging or
for creating raw images (sector copies)..." (URL may wrap):

http://service1.symantec.com/SUPPORT/ghost.nsf/docid/2001111413481325?Op
en&src=&docid=19


G'day Nick,

While you *can* use Ghost to get a complete image, the switches change
from version to version and it's really a PITA to test what does what
when.  Most folks I know if the field have decided there's too much
room for error with Ghost.  Also, it means more to document, which is
bad for the lazy ;).

Paul
-- 
www.compuwar.net
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: