Re: dd vs windows...
- From: "Jon Wallace" <jon@xxxxxxxxx>
- Date: Wed, 9 Aug 2006 19:09:18 -0400
Hi,
There is a nice program called Drive Snapshot (http://www.drivesnapshot.de/en/). This tool allows you to take an image of a machine whilst it's running. What's more, if you change things (install software etc.) whilst the imaging is in process, the new additions are not part of the image.
I would then take this image and restore it to a virtual machine (VMware / MS VPC) on which you can then do all of the forensics you wish. Taking this to the next level, you could kick this off remotely with a low priority and take an image of a PC without the user even knowing.
Hope this helps,
Jon Wallace
AppSense - http://www.appsense.com
-----
AppSense Application Manager is a set and forget solution when it comes to stopping unauthorized executables - stopping malware, spyware and unwanted applications.
-----
----- Original Message -----
From: "Marios A. Spinthiras" <mario@xxxxxxxxxxxxx>
To: <security-basics@xxxxxxxxxxxxxxxxx>
Sent: Wednesday, August 09, 2006 2:02 AM
Subject: Re: dd vs windows...
There is an easier way over the network if you are interested. Try: http://udpcast.linux.lu. I've been using it for years and it's been proven to be worthy for what it does.
Regards,
Marios A. Spinthiras
On Mon, 07 Aug 2006 06:41:30 +0300, Murda Mcloud <murdamcloud@xxxxxxxxxxx> wrote:
Hi all,
I have a Windows XP machine that I want to take a binary image of. Can I
boot into Knoppix on this same machine and use it to dump the binary onto a
DVD/CD? I'm guessing this would depend on whether I could get support for my
DVD writer.
---------------------------------------------------------------------------
This list is sponsored by: Norwich University
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
--
Using Opera's revolutionary e-mail client: http://www.opera.com/mail/