At 09:11 PM 09/01/02 -0600, you wrote: >>"EnCase presents several options to non-invasive acquire hard drives, >>many of which are unique to the field of computer forensics" [1] That was on page 57 I should have re-read the chapter before i posted. P55 states "EnCase acquires hard drives in either a DOS environment, or in a Windows environment where a specially designed hardware write-blocking device is utilize. >Please name ONE that is "unique to the field of computer forensics" "For instance, EnCase is currently the only product that enables forensic acquisitions in a Windows environment" was the next line in the book. Also the ability to handle software raid. Mind you I have heard of LE using samba and BSD in the past to examine. I will stop positing in my sleep and re-read my books. Btw the below book is the most practical book on the topic I have read. Whoever asked about articles written about UNIX and forensics should have a glance at this book first. FYI, I am changing email address for a few reasons. Hence I will be changing my status from random poster to lurker. Many regards, Daniel [1] Casey, H. 2001, "Handbook of computer crime investigation - Forensic tools and technology" Academic Press ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Jan 10 2002 - 17:19:31 PST