Re: NTFS forensic analysis on Unix platform

From: Ben Ford (bfordat_private)
Date: Wed Jul 25 2001 - 16:08:56 PDT

Next message: Blake Frantz: "Re: NTFS forensic analysis on Unix platform"

Previous message: Security Technology: "RE: in-house computer forensics"
In reply to: Everhart, Glenn (FUSA): "RE: NTFS forensic analysis on Unix platform"
Next in thread: adamdat_private: "Re: NTFS forensic analysis on Unix platform"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Remember that NTFS is a "journaling"  filesystem so dont' expect to be 
able to undelete a whole lot.

You can always grep the partition without even mounting it tho.

-b

-- 
So, make a real effort to avoid getting sucked into all the expensive
lifestyle habits of typical Americans.  Because if you do that, then
people with the money will dictate what you do with your life.
                --Richard Stallman




-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Blake Frantz: "Re: NTFS forensic analysis on Unix platform"
Previous message: Security Technology: "RE: in-house computer forensics"
In reply to: Everhart, Glenn (FUSA): "RE: NTFS forensic analysis on Unix platform"
Next in thread: adamdat_private: "Re: NTFS forensic analysis on Unix platform"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Jul 26 2001 - 08:57:44 PDT