PaulDotCom mailing list archives
foremost and data forensics
From: cayala at tippingpoint.com (Carlos Ayala)
Date: Tue, 19 Jan 2010 10:56:27 -0600
You can use Helix Live CD, is easy you dont need to install anything all the tools for imaging or recovery files are there. There are 2 versions, free and commercial both works great Regards Carlos A. Ayala Rocha CISSP, GPEN, GCIH, GCFA, INFOSEC, Security+, Network+, CWNA, CWSP Senior Systems Engineer Mexico, Central America & Caribbean TippingPoint Technologies (55) 5201-0052 (Office) (55) 1474-5835 (Cell) cayala at tippingpoint.com www.tippingpoint.com ________________________________________ De: pauldotcom-bounces at mail.pauldotcom.com [pauldotcom-bounces at mail.pauldotcom.com] En nombre de Tim Krabec [tkrabec at gmail.com] Enviado el: martes, 19 de enero de 2010 07:18 a.m. Para: PaulDotCom Security Weekly Mailing List Asunto: Re: [Pauldotcom] foremost and data forensics I believe thee are tools but I'm no sure which ones will do that On Jan 19, 2010, at 4:04 AM, Monkey Daemon <monkeywebdaemon at googlemail.com
wrote:
So can I image the partition in "realtime" or do I need to take the server off-line and boot from a live cd? MWD. 2010/1/18 Tim Krabec <tkrabec at gmail.com>:I would recommend that you image the drive, then you can try multiple things with out risk of damaging the original content. As we're all aware sometime the how-tos and directions can need a bit of tweaking, there's nothing like being able to get a second chance or third or fourth when learning. On Mon, Jan 18, 2010 at 2:57 PM, Monkey Daemon <monkeywebdaemon at googlemail.com> wrote:Hi all, I've been asked to search a computer for files that have been deleted recently. As far as I am aware the disks have not been wiped (the directory structure appears to be intact) and there is no need for this to pbe presented in a court of law. I've looked at foremost and it appears to only apply to a given partition. As I am only interested in a particular directory and the disk partion that the directory resides on is an ext3 LVM volume, are there any risks in using foremost to recover this data? Kind regards, MWD _______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com-- Tim Krabec Kracomp 772-597-2349 smbminute.com kracomp.blogspot.com www.kracomp.com _______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com_______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
_______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- foremost and data forensics Monkey Daemon (Jan 18)
- foremost and data forensics Tim Krabec (Jan 18)
- foremost and data forensics Monkey Daemon (Jan 19)
- foremost and data forensics Tim Krabec (Jan 19)
- foremost and data forensics Carlos Ayala (Jan 19)
- foremost and data forensics Matt Erasmus (Jan 19)
- foremost and data forensics Michael Miller (Jan 19)
- foremost and data forensics Monkey Daemon (Jan 19)
- foremost and data forensics Jim Halfpenny (Jan 19)
- foremost and data forensics Tim Krabec (Jan 18)