On Sun, 5 Aug 2001, Gregory Edwards wrote: Hi, Craig! I have ONE suggestion to you! I graduated as electronic engineer(long, long ago!) but, I've never worked with electronics...but, again... it's kind of first love! If I were to do what you suggested... to make a forensics copy of any PDA... I would take one of those machines that enable you to make a 'real' copy of the mentioned 'chip'! That could be a EPROM machine (used on electronic labs). So you could keep the integrity of the original and deal with the copies. The final step would be to transfer ALL data to a non-erasable media (CDROM) compare both contents (chip and CDROM) and, finally proceed to the forensics analysis! I would never rely on another chip to make this kind of analysis, like the suggested below... that would be great for 'regular' backups! HTH, Ricardo Castanho >There is a backup chip that can backup everything for a Palm or >similar. 8MB chip is about $50. It was shown at a Palm UG meeting recently >and should be on the market now. > >Greg Edwards, CISSP and Palm user > >On Sat, 4 Aug 2001, Craig Earnshaw wrote: > >> Although this post relates to a Psion Revo this concept is equally >> relevant to any other PDA (Palm, Handspring, Compaq iPaq, HP Jordana >> etc). >> >> Does anyone know if it possible to make a complete copy of all of the >> data resident on a Psion Revo? >> >> When I have come across these previously I have used the following >> method: >> >> -> Install a new copy of Win9x on a drive that has been forensically >> wiped; >> -> Install PsiWin onto the Windows drive; >> -> Forensically wipe all free and slack space on the drive (again); >> -> Connect the Revo (or other Psion) to my workstation; >> -> Backup the Revo onto the Windows drive using PsiWin; >> -> Image the Windows drive. >> >> The problem with this is that a) there are potentially holes in the >> methodology, and b) (most importantly) this method only captures active >> data. >> >> I'm sure that there is a utility out there to create a complete image of >> all of the data held in the Psion (ie 16Mb of data from 16Mb of on-baord >> memory), but I can't find it. I suppose that an "interpreter" for the >> image would also be important, so that you know what data relates to >> active files, and whether the any deleted material could be "recovered". >> >> Can anyone suggest anything? >> >> Thanks >> >> Craig >> >> >> ----------------------------------------------------------------- >> This list is provided by the SecurityFocus ARIS analyzer service. >> For more information on this free incident handling, management >> and tracking system please see: http://aris.securityfocus.com >> >> > > >----------------------------------------------------------------- >This list is provided by the SecurityFocus ARIS analyzer service. >For more information on this free incident handling, management >and tracking system please see: http://aris.securityfocus.com > > -- ========================================================== Ricardo C.O. Freitas <english.quest@best-service.com> Linux user # 102240 => Seti@home user - SE440BX-2 PII-400-128Mb-2hd (13+4,3Gb) + Invicta 1L de Café Pilão© Machine # 96125 - CL6 + PINE (This msg is 100% MS Free!) ========================================================= You will be awarded a medal for disregarding safety in saving someone. ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Aug 08 2001 - 10:26:54 PDT