RE: Light forensics



Eduardo,

I'm not sure there really is such a thing as 'light'. If you are just
looking to find out who deleted a file and get it back, then to me that
is not really true forensics. (people do this daily)

True forensics involves freezing hardware/disks for legal reasons, etc.

If you just want to undelete a file, there are tons of tools out there
(open source, hacker and commercial). Easiest thing is to search Google
or Yahoo.

One catch: if the file is on the PC and not on a network and someone has
already used the PC since the file was deleted, then you're going to have
a very low percentage of getting the file back.

Jeff


-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of Eduardo Sierra
Sent: January 05, 2010 9:09 AM
To: pen-test@xxxxxxxxxxxxxxxxx
Subject: Light forensics

Hi,

We had a security incident, and I'm doing a "light" forensics.

Is there a log you can check to see IP Address Changes in a Windows XP
Box?
Any good free tool to undelete files?

Many thanks,

Eduardo Sierra

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review
Board

Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs require
a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

