[Full-disclosure] Forensic help?
KF (lists)
kf_lists at digitalmunition.com
Mon Sep 12 03:01:29 BST 2005
http://www.sleuthkit.org/
I am not sure how courtroom safe it is. I have had someone suggest to me
that choosing sleuthkit was not sanctioned by the xyz blah blah court of
bleh (suggesting to use encase instead).
As a private individual obviously encase is most likely not an option.
-KF
Red Leg wrote:
>Hi all.
>
>I was wondering if anyone knows of a program/system that I can purchase, as
>a private individual, that will allow me to
>
>1) mirror a hard drive on location and
>
>2) take that mirror and restore it to another drive. And
>
>3) Find any CONVENTIONALLY erased files?
>
> -- This would be either a Windows NTFS or FAT32 drive.
>
>Anyone have first hand experience? Please let me know, if you do. In ANY
>case, please suggest whatever you might have learned even without first hand
>experience.
>
>Thanks!
>
>Redleg18
>
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
>
>
Full-Disclosure is hosted and sponsored by Secunia.