RE: NTFS forensic analysis on Unix platform

From: Frank Knobbe (FKnobbeat_private)
Date: Fri Jul 27 2001 - 15:46:47 PDT


    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    > -----Original Message-----
    > From: Ben Ford [mailto:bfordat_private]
    > Sent: Wednesday, July 25, 2001 6:09 PM
    > 
    > Remember that NTFS is a "journaling" filesystem so don't expect to be
    > able to undelete a whole lot.
    > 
    > You can always grep the partition without even mounting it tho.
    
    
    Which is what you would typically do anyway (not mounting the drive,
    but using a program to sift through the disk). 
    
    That raises one question though: How do you grep or sift through two
    striped disks without mounting them? Do EnCase or similar tools
    provide support for striped NTFS disks?
    
    Regards,
    Frank
    
    -----BEGIN PGP SIGNATURE-----
    Version: PGP Personal Privacy 6.5.8
    Comment: PGP or S/MIME encrypted email preferred.
    
    iQA/AwUBO2HvVZytSsEygtEFEQJI4QCdHVvjnKUtB6gnqCeg6a2FjyDiZfcAni5Z
    aRGpxwpad1+atsGgaB9tEe5Z
    =tRBJ
    -----END PGP SIGNATURE-----
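
An added example, not part of the original message or of any tool named in it: one way to search two striped member images without mounting them is to read them back in stripe order and search the combined stream. It assumes a plain two-disk stripe with a known, fixed stripe size and data starting at offset 0 of each member; `STRIPE`, the sample bytes and all function names are constructed for the illustration.

```python
import io

def destripe(members, stripe_size):
    """Yield the stripes of the logical volume in order (member 0, 1, 0, 1, ...)."""
    while True:
        row = [m.read(stripe_size) for m in members]
        if not any(row):
            return
        yield from (chunk for chunk in row if chunk)

def search_stream(chunks, needle):
    """Return logical offsets of needle, including hits that span two chunks."""
    if not needle:
        raise ValueError("empty search pattern")
    hits, tail, base = [], b"", 0          # base: logical offset of tail[0]
    keep = len(needle) - 1                 # bytes carried over between chunks
    for chunk in chunks:
        buf = tail + chunk
        pos = buf.find(needle)
        while pos != -1:
            hits.append(base + pos)
            pos = buf.find(needle, pos + 1)
        tail = buf[-keep:] if keep else b""
        base += len(buf) - len(tail)
    return hits

def stripe(logical, n_members, stripe_size):
    """Constructed-data helper: split a logical image into striped member images."""
    out = [bytearray() for _ in range(n_members)]
    for i in range(0, len(logical), stripe_size):
        out[(i // stripe_size) % n_members] += logical[i:i + stripe_size]
    return [bytes(m) for m in out]

# Constructed sample: the file name straddles the stripe boundary at offset 16.
STRIPE = 16                                # assumption; tiny for the demo
NEEDLE = b"invoice_2001"
LOGICAL = b"\x00" * 10 + b"invoice_2001.doc" + b"\x00" * 20
MEMBERS = stripe(LOGICAL, 2, STRIPE)

def search_members(members, stripe_size, needle):
    files = [io.BytesIO(m) for m in members]   # real use: open(path, "rb")
    return search_stream(destripe(files, stripe_size), needle)

if __name__ == "__main__":
    for n, m in enumerate(MEMBERS):
        print("member", n, "alone:", search_stream([m], NEEDLE))
    print("destriped:", search_members(MEMBERS, STRIPE, NEEDLE))
```

Searching each member image on its own finds nothing in the constructed sample, because the string is split across the two disks; only the destriped stream reports the hit.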
    


