Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Forensic tool to recommend?

from [Erik Luken] Network Security [Permanent Link]
Subject: Re: Forensic tool to recommend?
Date: Wed, 30 May 2007 21:17:55 -0500
The CD is at work, version 1.8. I'll boot it up tomorrow and see what happens. Been a while since I've used it


----- Original Message ----- From: "ragdelaed" <ragdelaed@gmail.com>
To: "'Erik Luken'" <eluken@pentarch.org>; <security-basics@securityfocus.com>
Sent: Wednesday, May 30, 2007 7:31 PM
Subject: RE: Forensic tool to recommend?


Do any other live cd's boot and run? Or have any previous versions of helix
worked? The latest is 1.8 on 10-06-06. Do you have an old copy laying about?

If it boots, it should be able to mount the ram drive as long as the target
machine is working properly. If it cant, it should identify the error in the
screen dump in some fashion, at least point to the halt point, yes?

-----Original Message-----
From: Erik Luken [mailto:eluken@pentarch.org]
Sent: Wednesday, May 30, 2007 7:58 PM
To: ragdelaed; security-basics@securityfocus.com
Subject: Re: Forensic tool to recommend?

By limited usage, I mean next to none. The cd would boot, but not mount any
ram-drives to do the tests.

Now that I think about it, I'm not sure if it was the SATA CD or HDD that
was causing this. I'll have to check again.

----- Original Message ----- From: "ragdelaed" <ragdelaed@gmail.com>
To: "'Erik Luken'" <eluken@pentarch.org>;
<security-basics@securityfocus.com>
Sent: Wednesday, May 30, 2007 6:52 PM
Subject: RE: Forensic tool to recommend?


I would think you wanted read only if you were conducting a forensic
examination, right? Or am I reading this wrong?

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On
Behalf Of Erik Luken
Sent: Wednesday, May 30, 2007 3:58 PM
To: security-basics@securityfocus.com
Subject: Re: Forensic tool to recommend?

Biggest issue I've noticed here, is that Helix does not recognize SATA
cdroms. Booting from such, you get a limited read-only usage.

----- Original Message ----- From: "Richard Lane" <lane.security@gmail.com>
To: <security-basics@securityfocus.com>
Sent: Wednesday, May 30, 2007 7:55 AM
Subject: Re: Forensic tool to recommend?



I recommend the HELIX LiveCD distro. It has both Windows and Linux "sides"
- booting from cold will give access to the Linux toolset, however loading
the CD in Windows provides access to a variety of Windows tools.

http://www.e-fense.com/helix/

Good luck

Richard



From: Fabio Cerullo <fcerullo_at_gmail.com>
Date: Tue, 29 May 2007 07:53:28 +0100


Hi All,
I am evaluating some tools for gathering evidence in Linux and Windows
distros. 
In particular I am interested in recovering files/folders which have
been deleted "accidentally" from the PC.
I am aware there are some Live CD's with Linux installed that could
mount a drive and try to recover those files but don't know anyone in
particular.
Any help will be really appreciated.
Thank you very much.
Greetings,
Fabio







[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: GSEC Study Materials, Michael Hale
Next by Date:  Re: Secure delete files, Ansgar -59cobalt- Wiechers
Previous by Thread:  RE: Forensic tool to recommend?, ragdelaed
Next by Thread:  Re: Forensic tool to recommend?, foo
Indexes:  [Date] [Thread] [Top] [All Lists]