Security Basics mailing list archives
Re: dd vs windows...
From: "Jon Wallace" <jon () b69ca com>
Date: Wed, 9 Aug 2006 19:09:18 -0400
Hi,

There is a nice program called Drive Snapshot (http://www.drivesnapshot.de/en/). This tool allows you to take an image of a machine whilst it's running. What's more, if you change things (install software etc.) whilst the imaging is in process, the new additions are not part of the image.

I would then take this image and restore it to a virtual machine (VMWare / MS VPC) in which you can then do all of the forensics you wish. Taking this to the next level, you could kick this off remotely with a low priority and take an image of a PC without the user even knowing.

Hope this helps,
Jon Wallace
AppSense - http://www.appsense.com
-----
AppSense Application Manager is a set and forget solution when it comes to stopping unauthorized executables - stopping malware, spyware and unwanted applications.
----- Original Message -----
From: "Marios A. Spinthiras" <mario () netway com cy>
To: <security-basics () securityfocus com>
Sent: Wednesday, August 09, 2006 2:02 AM
Subject: Re: dd vs windows...

There is an easier way over the network if you are interested. Try: http://udpcast.linux.lu . I've been using it for years and it's been proven to be worthy for what it does.

Regards,
Marios A. Spinthiras

On Mon, 07 Aug 2006 06:41:30 +0300, Murda Mcloud <murdamcloud () bigpond com> wrote:

Hi all,
I have a windows xp machine that I want to take a binary image of. Can I boot into knoppix on this same machine and use it to dump the binary onto a dvd/cd? I'm guessing this would depend on whether I could get support for my dvd writer.

---------------------------------------------------------------------------
This list is sponsored by: Norwich University
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------

--
Using Opera's revolutionary e-mail client: http://www.opera.com/mail/
Current thread:
- dd vs windows... Murda Mcloud (Aug 08)
- Re: dd vs windows... Chris Largret (Aug 08)
- R: dd vs windows... Sebastian Zdrojewski (Aug 08)
- RE: dd vs windows... Murda Mcloud (Aug 09)
- Re: dd vs windows... bloo (Aug 10)
- RE: dd vs windows... Murda Mcloud (Aug 09)
- Re: dd vs windows... Marios A. Spinthiras (Aug 09)
- Re: dd vs windows... Jon Wallace (Aug 10)
- Re: dd vs windows... Robert . Graham (Aug 10)
- Re: dd vs windows... Pablo Sanz Mercado (Aug 09)