RE: [Full-disclosure] Forensic help?

From: James Wicks (jjjwicks_at_gmail.com)
Date: 09/12/05

  • Next message: Andrew Farmer: "Re: [Full-disclosure] Forensic help?" 
    Date: Sun, 11 Sep 2005 18:49:48 -0400
To: full-disclosure@lists.grok.org.uk

    Here is a way to do it on the cheap:

    1. Ghost the hard drive with "Symantec Ghost" -
    http://www.symantec.com/sabu/ghost/ghost_personal/

    2. Take the original drive with you and put a new drive in the machine

    3. Copy the Ghost image on the new drive, allowing the system to go back
    into production

    4. Take the suspect drive and install it in another system with the same
    configuration as the original. Run "RecoverMyFiles"
    http://www.whitecanyon.com/rmf-hard-drive-data-recovery.php or "File Recover
    5.0" http://www.pctools.com/file-recover/?ref=google_fr

    The whole thing should cost you about $140 in software cost and the cost of
    a replacement hard drive.
     
    JJJ

     -----Original Message-----
    From: full-disclosure-bounces@lists.grok.org.uk [mailto:
    full-disclosure-bounces@lists.grok.org.uk] On Behalf Of Red Leg
    Sent: Sunday, September 11, 2005 6:34 PM
    To: full-disclosure@lists.grok.org.uk
    Subject: [Full-disclosure] Forensic help?

      Hi all.

     I was wondering if anyone knows of a program/system that I can purchase, as

    a private individual, that will allow me to

     1) mirror a hard drive on location and

     2) take that mirror and restore it to another drive. And

     3) Find any CONVENTIONALLY erased files?

     -- This would be either a Windows NTFS or FAT32 drive.

     Anyone have first hand experience? Please let me know, if you do. In ANY

    case, please suggest whatever you might have learned even without first hand

    experience.

     Thanks!

     Redleg18

      _______________________________________________

    Full-Disclosure - We believe in it.

    Charter: http://lists.grok.org.uk/full-disclosure-charter.html

    Hosted and sponsored by Secunia - http://secunia.com/

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/

  • Next message: Andrew Farmer: "Re: [Full-disclosure] Forensic help?"

    Relevant Pages

    • Re: Windows XP Disk Imaging Advice
      ... ghost may do you a deal as you are non profit. ... > I also have it running on my test network at home with two workstations... ... >> non profit community group and cost is a big issue. ...
      (microsoft.public.windowsxp.setup_deployment)
    • Re: CBC cuts shows episode orders, drops "Simpsons," "Martha Stewart"
      ... Audie Murphy's Ghost wrote: ... don't cost that much), and cutting back some original programming, what ...
      (rec.arts.tv)
    • Re: Hard drive crashed!
      ...  They tried Ghost as well, but it wouldn't load, ... and that it would cost hundreds of dollars to access all the ... friend was able to do so. ... OK, I just called them, and they said they use 3 Ghost programs, and ...
      (microsoft.public.windowsxp.help_and_support)
    • Re: Backup WinXP Partion to Seagate HDD
      ... I'm not sure of Ghost, but at least Drive Image gave you the choice ... > entire 160 GB drive (partition C and D). ... >> There are other 'backup' programs that you can purchase at huge cost ... >>> My Primary HDD is partitioned to C: (WinXP bootdrive and program files) ...
      (microsoft.public.windowsxp.hardware)