Hi Craig,

I've experienced nothing but grief in numerous attempts at changing the Win2k HAL. It started with a motherboard that was supposed to be ACPI compliant, but not recognized by Win2k's install, therefore a non ACPI HAL was loaded by default. There's a fair amount of information on this in the MS Knowledge base, but not much of it was very useful.

Win2k is extremely hardware-specific. I've had problems with the HAL after just swapping cards around. For this reason, I don't find it to be a very versatile or useful forensics platform.

Have you tried rebooting the machine from a Win2k CD and 'repairing' the install? I've had limited success with this.

Good Luck,

Det. Peter Jupp
Ottawa Police Service
High Tech Crime Unit
(613)236-1222 ext 2334
jupppat_private

-----Original Message-----
From: Craig Earnshaw [mailto:Craig.Earnshawat_private]
Sent: Sunday, July 15, 2001 1:35 PM
To: Forensicsat_private
Subject: Windows 2000 HAL's

Does anyone have any experience of changing the Hardware Abstraction Layer (HAL) on a Windows 2000 machine?

I recently imaged a W2K machine (with SafeBack) and now need to boot it in order to get one of the apps installed on the machine up and running. The problem that I'm facing is that the HAL that is installed on that restored drive will not interact with any of my workstations in the lab.

Unfortunately I can't just copy the file relating to the app onto a different drive and run it that way due to config and dll details etc. Also, I can't get an uninstalled version of the app as it was custom written for the company to whom the machine belonged (and they're on the other side to my case!).

When I've come across this before I've been able to get around it by installing the imaged drive in the original machine, however, in this case, I don't have any access to the original machine.

Any thoughts/comments etc would be most helpful as I've got a fairly tight deadline on this one.

Thanks

Craig

-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

This archive was generated by hypermail 2b30 : Mon Jul 16 2001 - 11:16:34 PDT