Re: Digital Evidence Question - What is an effective Windows hard-disk search tool?

colane_at_unity.ncsu.edu
Date: 06/17/03

    Date: Tue, 17 Jun 2003 12:09:58 -0400
    To: security-basics@securityfocus.com
    
    

    > What I seek is the following:
    >
    > -A tool (preferably freeware) that I can use to acquire
    > and search my hard drive for
    > images/history/general/etc information that I have
    > "deleted".
    >
    > Any suggestions? It goes without saying that any
    > ideas you may have would be appreciated. Thanks!
    >
    > Marcus
    >

    If nobody comes up with a suitable Windows-based tool for you, you can
    disconnect the drive and hook it up as a slave to a *nix machine. From
    there, you can use 'the sleuth kit' to work on the drive.

    http://www.sleuthkit.org/sleuthkit/desc.php
    From the website:

    "The Sleuth Kit (previously known as TASK) is a collection of UNIX-based
    command line file system forensic tools that allow an investigator to
    examine NTFS, FAT, FFS, EXT2FS, and EXT3FS file systems of a suspect
    computer in a non-intrusive fashion. The tools have a layer-based design
    and can extract data from internal file system structures. Because the
    tools do not rely on the operating system to process the file systems,
    deleted and hidden content is shown."

    NOTE: I've never used this tool, so I cannot speak for its reliability,
    effectiveness, etc.

    - Christopher Lane - CCNA/BCNE
    - NCSU, Computer Science Undergraduate
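
Added example (not part of the original message, and not Sleuth Kit code): a minimal sketch of why reading file system structures directly, as the quoted description says, shows deleted files. It uses FAT, one of the file systems listed above, where deleting a file only overwrites the first byte of its directory entry with 0xE5. The directory bytes are constructed, bytes 20-21 are read as the FAT32 high cluster word, and all function names are hypothetical.

```python
import struct

ENTRY_SIZE = 32     # every FAT directory entry is 32 bytes
END_OF_DIR = 0x00   # first name byte: no entries follow
DELETED = 0xE5      # first name byte: entry was deleted
ATTR_LFN = 0x0F     # long-file-name slot, not a file of its own

def parse_directory(raw):
    """Return every short-name entry in a raw FAT directory region."""
    entries = []
    for off in range(0, len(raw) - ENTRY_SIZE + 1, ENTRY_SIZE):
        e = raw[off:off + ENTRY_SIZE]
        if e[0] == END_OF_DIR:
            break
        if e[11] & 0x3F == ATTR_LFN:
            continue
        deleted = e[0] == DELETED
        # Deletion overwrites only the first name byte; show it as '?'.
        first = "?" if deleted else chr(e[0])
        base = (first + e[1:8].decode("ascii", "replace")).rstrip()
        ext = e[8:11].decode("ascii", "replace").rstrip()
        (hi,) = struct.unpack_from("<H", e, 20)   # high cluster word (FAT32)
        lo, size = struct.unpack_from("<HI", e, 26)
        entries.append({"name": base + ("." + ext if ext else ""),
                        "deleted": deleted,
                        "first_cluster": (hi << 16) | lo,
                        "size": size})
    return entries

def deleted_entries(raw):
    """Entries a normal directory listing would hide."""
    return [e for e in parse_directory(raw) if e["deleted"]]

def make_entry(name, ext, attr, cluster, size, deleted=False):
    """Build one constructed 32-byte entry for the sample directory."""
    raw = bytearray(struct.pack("<8s3sB8xH4xHI", name.ljust(8), ext.ljust(3),
                                attr, cluster >> 16, cluster & 0xFFFF, size))
    if deleted:
        raw[0] = DELETED
    return bytes(raw)

# Constructed sample: one live file, one LFN slot, one deleted file, end marker.
SAMPLE_DIR = (make_entry(b"REPORT", b"DOC", 0x20, 5, 1024)
              + make_entry(b"A", b"", ATTR_LFN, 0, 0)
              + make_entry(b"SECRET", b"JPG", 0x20, 9, 20480, deleted=True)
              + bytes(ENTRY_SIZE))

if __name__ == "__main__":
    for entry in deleted_entries(SAMPLE_DIR):
        print(entry)
```

The deleted entry still carries its starting cluster and size, which is what lets a forensic tool locate the file's data as long as those clusters have not been reused.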
