Forensic File Analysis

[tkrabec at gmail.com (Tim Krabec)]

Don't forget about a write blocker on the source drive.

On Wed, Dec 10, 2008 at 7:22 PM, Chris Gerling <polarism at gmail.com> wrote:

> That was me and the program used to make the .dd vmware-friendly is
> live view.  The cool part is the image.dd is never directly modified,
> well at least that's the claim :).  Haven't checked yet myself.  I
> like it as a quick dirty analysis but it should not be substituted for
> in depth analysis.
>
> -Chris Gerling
>
> On Dec 10, 2008, at 5:49 PM, infolookup at gmail.com wrote:
>
> > I saw an ep of Hak5 and the discussed using Helix forensics disk to
> > make an image of the system and you can mount that image in vmware
> > for viewing.
> > Sent from my Verizon Wireless BlackBerry
> >
> > -----Original Message-----
> > From: "Kevin Shortt" <kevin.shortt at gmail.com>
> >
> > Date: Wed, 10 Dec 2008 16:30:25
> > To: <pauldotcom at pdc-mail.pauldotcom.com>
> > Subject: [Pauldotcom] Forensic File Analysis
> >
> >
> > _______________________________________________
> > Pauldotcom mailing list
> > Pauldotcom at mail.pauldotcom.com
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
> >
> > _______________________________________________
> > Pauldotcom mailing list
> > Pauldotcom at mail.pauldotcom.com
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com



-- 
Tim Krabec
Kracomp
772-597-2349
smbminute.com
kracomp.blogspot.com
www.kracomp.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20081210/98dc98f2/attachment.htm