PaulDotCom mailing list archives

Anti-forensic tools

From: irongeek at irongeek.com (Adrian Crenshaw)
Date: Thu, 2 Jul 2009 10:53:26 -0400

Yep, apparently it does. It will be a pain in the butt to test them all, I'd
have to:
1. zero out a drive.
2. Install Windows.
3. run the app in incognito mode.
4. dump the drive.
5. data carve it to see if anything is there.

As a side note, anyone good out there with dd? I'd like to repeat the same
file over and over againd to a block device. for example, I try:

dd if=lemonparty.jpg of=\\.\f: bs=512

it only seems to put the file there once, not over the whole drive. I played
with the count, but that only seems to deal with the bs (block size)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090702/ffb3e177/attachment.htm

Current thread:

Anti-forensic tools, (continued)
- Anti-forensic tools Chris Merkel (Jul 01)
- Anti-forensic tools Jim Halfpenny (Jul 01)
- Anti-forensic tools Jody & Jennifer McCluggage (Jul 01)
  - Anti-forensic tools Joel Folkerts (Jul 01)
    - Anti-forensic tools Adrian Crenshaw (Jul 01)
- Anti-forensic tools Mad Marv (Jul 01)
- Anti-forensic tools Cody Ray (Jul 01)
- Anti-forensic tools Chris Merkel (Jul 01)
  - Anti-forensic tools Adrian Crenshaw (Jul 02)
    - Anti-forensic tools Dimitrios Kapsalis (Jul 02)
    - Anti-forensic tools Adrian Crenshaw (Jul 02)
    - Anti-forensic tools Joshua Wright (Jul 02)
    - Anti-forensic tools Adrian Crenshaw (Jul 02)
    - Anti-forensic tools Jim Halfpenny (Jul 02)
    - Anti-forensic tools Grymoire (Jul 02)
    - Anti-forensic tools Jim Halfpenny (Jul 02)
    - Anti-forensic tools Jack Daniel (Jul 02)
- Anti-forensic tools Grymoire (Jul 02)
  - Anti-forensic tools Joshua Wright (Jul 02)
    - Anti-forensic tools John Strand (Jul 03)
    - Anti-forensic tools Adrian Crenshaw (Jul 03)

(Thread continues...)