PaulDotCom mailing list archives
Forensic File Analysis
From: polarism at gmail.com (Chris Gerling)
Date: Wed, 10 Dec 2008 21:56:13 -0500
LOL yeah I am just a guy on the Internet. Don't take my word for it! -Chris Gerling On Dec 10, 2008, at 9:33 PM, iamnowonmai <iamnowonmai at gmail.com> wrote:
By the time we are getting into these types of conversations, it is a good indication that if the data is of any importance at all to the OP, he should probably call in a forensic person and not touch anything else. 2008/12/10 Chris Gerling polarism at gmail.com True. I didn't mean to imply it isn't forensically sound. The law enforcement version is more likely to sail through court like a breeze, however. Even so, in all forensic cases proper chain of custody and documentation will set the foundation. -Chris Gerling On Dec 10, 2008, at 8:02 PM, iamnowonmai <iamnowonmai at gmail.com> wrote:On Wed, Dec 10, 2008 at 7:22 PM, Chris Gerling <polarism at gmail.com> wrote: That was me and the program used to make the .dd vmware-friendly is live view. The cool part is the image.dd is never directly modified, well at least that's the claim :). Haven't checked yet myself. Hey Chris! I have done a SHA1 before and after Live View and I can verify that, at least in a case like you described. And second on the quick and dirty... keep that to a minimum, especially since the OP used the term "evidentiary."_______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com_______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com _______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
-------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20081210/5f9990fc/attachment.htm
Current thread:
- Forensic File Analysis Kevin Shortt (Dec 10)
- Forensic File Analysis Tim Mugherini (Dec 10)
- Forensic File Analysis infolookup at gmail.com (Dec 10)
- Forensic File Analysis Chris Gerling (Dec 10)
- Forensic File Analysis iamnowonmai (Dec 10)
- Forensic File Analysis Chris Gerling (Dec 10)
- Forensic File Analysis iamnowonmai (Dec 10)
- Forensic File Analysis Chris Gerling (Dec 10)
- Forensic File Analysis Chris Gerling (Dec 10)
- Forensic File Analysis Tim Krabec (Dec 10)
- Gonzor / Themiddler / PEScrambler Nils (Dec 16)
- Gonzor / Themiddler / PEScrambler Karl Schuttler (Dec 16)
- Gonzor / Themiddler / PEScrambler Nathan Sweaney (Dec 16)
- Gonzor / Themiddler / PEScrambler Raffi Jamgotchian (Dec 16)
- Gonzor / Themiddler / PEScrambler Adrian Crenshaw (Dec 16)
- Gonzor / Themiddler / PEScrambler Arch Angel (Dec 16)
- Gonzor / Themiddler / PEScrambler wishi (Dec 16)
- Gonzor / Themiddler / PEScrambler Dimitrios Kapsalis (Dec 16)