PaulDotCom mailing list archives

Forensic File Analysis

From: iamnowonmai at gmail.com (iamnowonmai)
Date: Wed, 10 Dec 2008 20:02:01 -0500

On Wed, Dec 10, 2008 at 7:22 PM, Chris Gerling <polarism at gmail.com> wrote:

That was me and the program used to make the .dd vmware-friendly is
live view.  The cool part is the image.dd is never directly modified,
well at least that's the claim :).  Haven't checked yet myself.




Hey Chris! I have done a SHA1 before and after Live View and I can verify
that, at least in a case like you described. And second on the quick and
dirty... keep that to a minimum, especially since the OP used the term
"evidentiary."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20081210/d3ae6ad4/attachment.htm

Current thread:

Forensic File Analysis Kevin Shortt (Dec 10)
- Forensic File Analysis Tim Mugherini (Dec 10)
- Forensic File Analysis infolookup at gmail.com (Dec 10)
  - Forensic File Analysis Chris Gerling (Dec 10)
    - Forensic File Analysis iamnowonmai (Dec 10)
    - Forensic File Analysis Chris Gerling (Dec 10)
    - Forensic File Analysis iamnowonmai (Dec 10)
    - Forensic File Analysis Chris Gerling (Dec 10)
    - Forensic File Analysis Tim Krabec (Dec 10)
  - Forensic File Analysis wishi (Dec 11)
    - Gonzor / Themiddler / PEScrambler Nils (Dec 16)
    - Gonzor / Themiddler / PEScrambler Karl Schuttler (Dec 16)
    - Gonzor / Themiddler / PEScrambler Nathan Sweaney (Dec 16)
    - Gonzor / Themiddler / PEScrambler Raffi Jamgotchian (Dec 16)
    - Gonzor / Themiddler / PEScrambler Adrian Crenshaw (Dec 16)

(Thread continues...)