Forensic File Analysis

[iamnowonmai at gmail.com (iamnowonmai)]

By the time we are getting into these types of conversations, it is a good
indication that if the data is of any importance at all to the OP, he should
probably call in a forensic person and not touch anything else.

2008/12/10 Chris Gerling polarism at gmail.com

>  True.  I didn't mean to imply it isn't forensically sound.  The law
> enforcement version is more likely to sail through court like a breeze,
> however.
>
> Even so, in all forensic cases proper chain of custody and documentation
> will set the foundation.
>
> -Chris Gerling
>
> On Dec 10, 2008, at 8:02 PM, iamnowonmai <iamnowonmai at gmail.com> wrote:
>
>   On Wed, Dec 10, 2008 at 7:22 PM, Chris Gerling <polarism at gmail.com>wrote:
>
> > That was me and the program used to make the .dd vmware-friendly is
> > live view.  The cool part is the image.dd is never directly modified,
> > well at least that's the claim :).  Haven't checked yet myself.
>
>
>
> Hey Chris! I have done a SHA1 before and after Live View and I can verify
> that, at least in a case like you described. And second on the quick and
> dirty... keep that to a minimum, especially since the OP used the term
> "evidentiary."
>
>  _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
>
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20081210/da1d196b/attachment.htm