BreachExchange mailing list archives
Re: (article) "We recovered the laptop!" ... so what?
From: Herve Roggero <hroggero () pynlogic com>
Date: Mon, 12 Feb 2007 08:54:07 -0500
Hi everyone This thead is very interesting. All techniques so far deal with reading data at a low level. Will Windows Vista prevent techniques such as Symantec Ghost? I understand that Vista performs bit-level encryption with its BitLocker technology. Thanks. Herve Roggero Managing Partner Pyn Logic LLC Visit www.pynlogic.com -----Original Message----- From: "Max Hozven" <mhozven () tealeaf com> To: "sawaba" <sawaba () forced attrition org>; "blitz" <blitz () strikenet kicks-ass net> Cc: dataloss () attrition org Sent: 2/12/07 1:27 AM Subject: Re: [Dataloss] (article) "We recovered the laptop!" ... so what? Or boot up on a Symantec Ghost boot disk, then blast the data over to a network drive or a connected USB drive. -Max -----Original Message----- From: dataloss-bounces () attrition org [mailto:dataloss-bounces () attrition org] On Behalf Of sawaba Sent: Sunday, February 11, 2007 9:09 PM To: blitz Cc: dataloss () attrition org Subject: Re: [Dataloss] (article) "We recovered the laptop!" ... so what? You don't even have to mess with mirroring it. You can create a Linux boot disk, specifically set up with scripts that search for juicy data, and then upload them to your server over Wi-Fi. On a fairly new laptop, you should have data (if there's any data to be had) within 30 minutes. You'll be done in an hour or two unless there is a huge amount of data you want to grab. And because you are mounting the Fat32 or NTFS volume read-only, no dates _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tracking more than 146 million compromised records in 570 incidents over 7 years.
Current thread:
- Re: (article) "We recovered the laptop!" ... so what? Max Hozven (Feb 12)
- Re: (article) "We recovered the laptop!" ... so what? B.K. DeLong (Feb 12)
- <Possible follow-ups>
- Re: (article) "We recovered the laptop!" ... so what? Herve Roggero (Feb 12)
- Re: (article) "We recovered the laptop!" ... so what? Al Mac (Feb 12)
- Re: (article) "We recovered the laptop!" ... so what? blitz (Feb 13)
- Re: (article) "We recovered the laptop!" ... so what? Herve Roggero (Feb 13)
- Re: (article) "We recovered the laptop!" ... so what? Adam Shostack (Feb 13)
- Message not available
- Re: (article) "We recovered the laptop!" ... so what? Adam Shostack (Feb 16)
- Re: (article) "We recovered the laptop!" ... so what? B.K. DeLong (Feb 16)
- Re: (article) "We recovered the laptop!" ... so what? sawaba (Feb 16)
- Re: (article) "We recovered the laptop!" ... so what? Adam Shostack (Feb 17)
- Re: (article) "We recovered the laptop!" ... so what? sawaba (Feb 19)
- Re: (article) "We recovered the laptop!" ... so what? Chris Walsh (Feb 13)