Security Basics mailing list archives
RE: Forensic tool to recommend?
From: "ragdelaed" <ragdelaed () gmail com>
Date: Wed, 30 May 2007 20:31:20 -0400
Do any other live CDs boot and run? Or have any previous versions of Helix worked? The latest is 1.8 on 10-06-06. Do you have an old copy lying about? If it boots, it should be able to mount the RAM drive as long as the target machine is working properly. If it can't, it should identify the error in the screen dump in some fashion, at least point to the halt point, yes?

-----Original Message-----
From: Erik Luken [mailto:eluken () pentarch org]
Sent: Wednesday, May 30, 2007 7:58 PM
To: ragdelaed; security-basics () securityfocus com
Subject: Re: Forensic tool to recommend?

By limited usage, I mean next to none. The CD would boot, but not mount any ram-drives to do the tests. Now that I think about it, I'm not sure if it was the SATA CD or HDD that was causing this. I'll have to check again.

----- Original Message -----
From: "ragdelaed" <ragdelaed () gmail com>
To: "'Erik Luken'" <eluken () pentarch org>; <security-basics () securityfocus com>
Sent: Wednesday, May 30, 2007 6:52 PM
Subject: RE: Forensic tool to recommend?

I would think you wanted read only if you were conducting a forensic examination, right? Or am I reading this wrong?

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Erik Luken
Sent: Wednesday, May 30, 2007 3:58 PM
To: security-basics () securityfocus com
Subject: Re: Forensic tool to recommend?

Biggest issue I've noticed here is that Helix does not recognize SATA CD-ROMs. Booting from such, you get a limited read-only usage.

----- Original Message -----
From: "Richard Lane" <lane.security () gmail com>
To: <security-basics () securityfocus com>
Sent: Wednesday, May 30, 2007 7:55 AM
Subject: Re: Forensic tool to recommend?

I recommend the HELIX LiveCD distro. It has both Windows and Linux "sides" - booting from cold will give access to the Linux toolset, however loading the CD in Windows provides access to a variety of Windows tools.

http://www.e-fense.com/helix/

Good luck
Richard

From: Fabio Cerullo <fcerullo_at_gmail.com>
Date: Tue, 29 May 2007 07:53:28 +0100

Hi All,

I am evaluating some tools for gathering evidence in Linux and Windows distros. In particular I am interested in recovering files/folders which have been deleted "accidentally" from the PC. I am aware there are some Live CDs with Linux installed that could mount a drive and try to recover those files but don't know any one in particular. Any help will be really appreciated.

Thank you very much.

Greetings,
Fabio