|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Full-disclosure] Forensic help?
From: Jason Coombs (jasonc
science.org)
Date: Sun Sep 11 2005 - 18:42:26 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Red Leg wrote:
> I was wondering if anyone knows of a program/system that I can purchase, as
> a private individual, that will allow me to
...
> 3) Find any CONVENTIONALLY erased files?
>
> -- This would be either a Windows NTFS or FAT32 drive.
Use dcfldd to make the drive image.
http://sourceforge.net/projects/dcfldd
Then use Recover My Files and/or Mount Image Pro + your preferred
deleted file recovery software. Mount Image Pro gives you the ability to
mount raw forensic drive images produced using dd as well as EnCase
forensic image file sets.
http://www.recovermyfiles.com/
http://www.getdata.com/
http://www.mountimage.com/
Regards,
Jason Coombs
jasoncscience.org
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]