PaulDotCom mailing list archives
Forensic File Analysis
From: iamnowonmai at gmail.com (iamnowonmai)
Date: Wed, 10 Dec 2008 20:02:01 -0500
On Wed, Dec 10, 2008 at 7:22 PM, Chris Gerling <polarism at gmail.com> wrote:
That was me and the program used to make the .dd vmware-friendly is live view. The cool part is the image.dd is never directly modified, well at least that's the claim :). Haven't checked yet myself.
Hey Chris! I have done a SHA1 before and after Live View and I can verify that, at least in a case like you described. And second on the quick and dirty... keep that to a minimum, especially since the OP used the term "evidentiary." -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20081210/d3ae6ad4/attachment.htm
Current thread:
- Forensic File Analysis Kevin Shortt (Dec 10)
- Forensic File Analysis Tim Mugherini (Dec 10)
- Forensic File Analysis infolookup at gmail.com (Dec 10)
- Forensic File Analysis Chris Gerling (Dec 10)
- Forensic File Analysis iamnowonmai (Dec 10)
- Forensic File Analysis Chris Gerling (Dec 10)
- Forensic File Analysis iamnowonmai (Dec 10)
- Forensic File Analysis Chris Gerling (Dec 10)
- Forensic File Analysis Chris Gerling (Dec 10)
- Forensic File Analysis Tim Krabec (Dec 10)
- Gonzor / Themiddler / PEScrambler Nils (Dec 16)
- Gonzor / Themiddler / PEScrambler Karl Schuttler (Dec 16)
- Gonzor / Themiddler / PEScrambler Nathan Sweaney (Dec 16)
- Gonzor / Themiddler / PEScrambler Raffi Jamgotchian (Dec 16)
- Gonzor / Themiddler / PEScrambler Adrian Crenshaw (Dec 16)