Re: [Full-disclosure] Forensic help?
From: Red Leg (redleg18_at_gmail.com)
Date: 09/12/05
- Previous message: Matthias Kestenholz: "Re: [Full-disclosure] Automated mass abuse of form mailers"
- In reply to: Paul Schmehl: "Re: [Full-disclosure] Forensic help?"
- Next in thread: Paul Schmehl: "Re: [Full-disclosure] Forensic help?"
- Reply: Paul Schmehl: "Re: [Full-disclosure] Forensic help?"
- Reply: als_at_thangorodrim.de: "Re: [Full-disclosure] Forensic help?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 12 Sep 2005 10:11:24 -0400 To: Paul Schmehl <pauls@utdallas.edu>, <full-disclosure@lists.grok.org.uk>
On 9/11/05 8:21 PM, "Paul Schmehl" <pauls@utdallas.edu> wrote:
> Download the knoppix std distro and burn it to a cd. Use dcfldd for drive
> imaging and the forensics tools for recovery of erased files and the like.
>
Paul.
Does dcfldd allow me to mirror the disk in such a manner as to include
deleted files? I can not swap drives. I need to obtain an image with which I
can "undelete" files that were conventionally erased.
Will dcfldd provide such an image?
Thanks!
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Previous message: Matthias Kestenholz: "Re: [Full-disclosure] Automated mass abuse of form mailers"
- In reply to: Paul Schmehl: "Re: [Full-disclosure] Forensic help?"
- Next in thread: Paul Schmehl: "Re: [Full-disclosure] Forensic help?"
- Reply: Paul Schmehl: "Re: [Full-disclosure] Forensic help?"
- Reply: als_at_thangorodrim.de: "Re: [Full-disclosure] Forensic help?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
