Re: (article) "We recovered the laptop!" ... so what?

[Herve Roggero <hroggero () pynlogic com>]

Hi everyone

This thead is very interesting. All techniques so far deal with reading data at a low level. Will Windows Vista prevent 
techniques such as Symantec Ghost? I understand that Vista performs bit-level encryption with its BitLocker technology.

Thanks.

Herve Roggero
Managing Partner
Pyn Logic LLC
Visit www.pynlogic.com 

-----Original Message-----
From: "Max Hozven" <mhozven () tealeaf com>
To: "sawaba" <sawaba () forced attrition org>; "blitz" <blitz () strikenet kicks-ass net>
Cc: dataloss () attrition org
Sent: 2/12/07 1:27 AM
Subject: Re: [Dataloss] (article) "We recovered the laptop!" ... so  what?

Or boot up on a Symantec Ghost boot disk, then blast the data over to a
network drive or a connected USB drive.

-Max

-----Original Message-----
From: dataloss-bounces () attrition org
[mailto:dataloss-bounces () attrition org] On Behalf Of sawaba
Sent: Sunday, February 11, 2007 9:09 PM
To: blitz
Cc: dataloss () attrition org
Subject: Re: [Dataloss] (article) "We recovered the laptop!" ... so
what?

You don't even have to mess with mirroring it. You can create a Linux
boot 
disk, specifically set up with scripts that search for juicy data, and 
then upload them to your server over Wi-Fi. On a fairly new laptop, you 
should have data (if there's any data to be had) within 30 minutes.
You'll 
be done in an hour or two unless there is a huge amount of data you want

to grab.

And because you are mounting the Fat32 or NTFS volume read-only, no
dates 

_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
Tracking more than 146 million compromised records in 570 incidents over 7 years.