RE: Initial Machine login - Computer Forensics 101

Hi Michael,
Sorry, I forgot to give a link

http://www.e-fense.com/helix/

or F.I.R.E
http://fire.dmzs.com/


You can go for knoppix-std too.
http://www.knoppix-std.org/


The closest thing I've come to from a windows standpoint is (not the same as
the others in functionality)
http://www.nu2.nu/pebuilder/

There may be others.

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On
Behalf Of Michael Condon
Sent: Tuesday, February 05, 2008 2:13 AM
To: Worrell, Brian; security-basics@xxxxxxxxxxxxxxxxx
Subject: Re: Initial Machine login - Computer Forensics 101

Well understood. That brings up another subject - is there freeware or a
documented procedure for making a bootable CD?
Michael Condon
----- Original Message -----
From: "Worrell, Brian" <BWorrell@xxxxxxxxxxx>
To: "Michael Condon" <mjc001@xxxxxxxx>; <security-basics@xxxxxxxxxxxxxxxxx>
Sent: Monday, February 04, 2008 10:06 AM
Subject: RE: Initial Machine login - Computer Forensics 101


Michael,

Quick sidebar, I recall reading a post about this before on another
list. If you are being paid to do this, you need to make sure its all
above board as in some states this can be consider illegal. Do not
recall the exact issue, but part of the outcome was that you needed to
have very clear, signed, documentation on what you were asked to do.
Think the case the article was referring too was in California.

That said, I would make a copy of the drive, and not alter the original
in any way. This helps keep the evidence chain.


Brian


-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of Michael Condon
Sent: Saturday, February 02, 2008 11:15 PM
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: Initial Machine login - Computer Forensics 101

Here is a Computer Forensics 101 question.
Suppose a distraught woman comes to me with her husband's laptop and
wants me to search it for information about a suspected marital
indescretion.
1. Assuming it is an XP/Vista machine, how can I log in as
administrator?
2. Is the second approach to make a bistream copy of the hard drive
using an external USB har drive enclosure and proceed that way?

Relevant Pages

  • Re: Initial Machine login - Computer Forensics 101
    ... That brings up another subject - is there freeware or a documented procedure for making a bootable CD? ... Initial Machine login - Computer Forensics 101 ... On Behalf Of Michael Condon ...
    (Security-Basics)
  • RE: Initial Machine login - Computer Forensics 101
    ... I recall reading a post about this before on another ... If you are being paid to do this, you need to make sure its all ... Initial Machine login - Computer Forensics 101 ... Here is a Computer Forensics 101 question. ...
    (Security-Basics)
  • RE: Initial Machine login - Computer Forensics 101
    ... a person or firm licensed as an accountant or accounting firm under Chapter 901, an owner of an accounting firm, or an employee of an accountant or accounting firm while performing services regulated under Chapter 901;" ... Initial Machine login - Computer Forensics 101 ... Many forensic analysts/experts who testify or examine evidence may not ...
    (Security-Basics)
  • RE: Initial Machine login - Computer Forensics 101
    ... Many forensic analysts/experts who testify or examine evidence may not ... the analysis will be filed in the court. ... Initial Machine login - Computer Forensics 101 ...
    (Security-Basics)
Quantcast