Hi, openBSD just doesnt have the FS support at this time. i would NOT recommend using the original images, make a copy of them first or write it to a new drive. you should never do anything that may change the original image as you would be altering the evidence. Disturbingly it seems to be a common practice. a linux or a native nt/w2k box is your best bet ..keep in mind the linux NTFS support and NT4 doesnt fully support ntfs 3.* (the fs for win2k). Adam Daniel Technical Consultant ----------------------------------------------------------------------- FORENSIC DATA SERVICES PTY LIMITED http://www.forensicdata.com.au ------------------------------------------------------------------------ The information contained in this e-mail is confidential and is intended solely for the addressee. If you received this e-mail by mistake please notify us immediately and delete all copies of this message. You must not disclose or use in any way the information in the e-mail. It is the responsibility of the recipient to virus scan this e-mail and any attachments included. On Wed, 25 Jul 2001 mat_private wrote: > Hi. > > I have taken 2 disk images from a compromised IIS system. > These images are in NTFS format, and I was wondering if > anyone knows of an open source tool which is capable of > accessing these partitions. The Unix platform that I have > available is OpenBSD; so I can't mount the NTFS partitions. > > In the past I've used tct; but unrm doesn't currently > support ntfs filesystems. > > Any advice would be greatly appreciated. > > thanks, > Marty. > > ----------------------------------------------------------------- > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: http://aris.securityfocus.com ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sun Jul 29 2001 - 09:13:09 PDT