If the data was written from the network, theres a good chance he used a local iso image or the software created a large temp file on the local hard disk to avoid buffer under runs when writing the CDR. If the layout was not saved at any point, i would assume that its kept in memory and not paged out to the disk, but i cant conform this. Hope it helps Adam Daniel Technical Consultant ----------------------------------------------------------------------- FORENSIC DATA SERVICES PTY LIMITED http://www.forensicdata.com.au ------------------------------------------------------------------------ On Tue, 15 Jan 2002, Ed Shirley wrote: > At the moment I am working on a case which is alot > like most of my work. I am trying to figure out what > a termed employee may have burned to CD to take with > him when he left. I have gotten lucky before and > found where the guy had copied the files locally, or > some other hard-to-miss/hit-you-over-the-head > situation. > > This time, the guy had used NERO and copied it over > the network. I don't have alot of cooperation with > on-site technical personnel on that end, so all I have > is a the rig that the burner was installed on. I have > never worked with Nero either. > > It would be extremely helpful if I could find any sort > of temporary layout file that would list what files > were burned. I am sifting through unallocated/slack > space and may get lucky again. I am though about 25% > ofit and it ain't looking good. > > If anyone has any suggestions as to where this type of > info might be hiding, by all means, drop me a line. > > Ed > > > > __________________________________________________ > Do You Yahoo!? > Send FREE video emails in Yahoo! Mail! > http://promo.yahoo.com/videomail/ > > ----------------------------------------------------------------- > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: http://aris.securityfocus.com > ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Jan 16 2002 - 19:31:51 PST