Ethical Hacking Training at InfoSec Institute

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Computer Forensics Computer-Forensics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Destroying filesystems

from [Brian Carrier] Network Security [Permanent Link]
Subject: Re: Destroying filesystems
Date: Fri, 8 Apr 2005 10:07:35 -0500 
On Apr 7, 2005, at 2:43 PM, Maurizio Trinco wrote:

Let me reformulate the whole thing:

a) I'm looking for a utility that:
        a1 - would run in user mode (Admin/root user
OK);
        a2 - would only scramble the MFT/inode table
etc, but would NOT touch the actual data on disk.

The format command does this.... I can't imagine why other utilities would be written to intentionally screw up part of a file system, but not wipe file contents.

b) the purpose of the exercise is to get back the
logical organization of that filesystem (i.e. to
"repair" it) not to actually recover data.
        b1 - by "repair" I mean something much more
difficult than running chkdsk/fsck on that filesystem
i.e. the usual tools shouldn't be able to cope with
the amount of the damage done to the filesystem.

If the purpose of the exercise is to have them rebuild the file system then it sounds easier if you use a hex editor to create a disk image with specific errors / data and distribute copies to them. (If you make the image publicly available, I'll add a link to it from the Digital Forensics Tool Testing site <http://dftt.sourceforge.net>)

brian


-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com

[More with this subject...]


<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: fingerprinting servers--md5deep problem, Jerry Shenk
Next by Date:  Re: fingerprinting servers--md5deep problem, Jesse Kornblum
Previous by Thread:  Re: Destroying filesystems, Maurizio Trinco
Next by Thread:  fingerprinting servers--md5deep problem, Jeff Bryner
Indexes:  [Date] [Thread] [Top] [All Lists]