Ontrack's Easy Recovery Professional v5.1 Symantec Ghost 7.0 Granted, I'm not a professional. I'm more of an advanced desktop tech (witness my n00b Linux skills) with some security background, so I'm usually after easier-to-find things, like user-deleted files or virus remnants as part of follow-up investigations. However, I've found ERP to be essential in finding some data thought long gone. I switched to ERP from the utility formerly known as PowerQuest Lost & Found after discovering that ERP did a better job in a quarter of the time. I use Ghost more to avoid modifying files. I can Ghost the drive, and then use Ghostwalker (part of the package) to peruse the image file and pull copies of anything I need to examine more closely. We usually have to do this in a virus aftermath. One of the nicer things about the newer versions of Ghost is the built-in CD-R/CD-RW support, complete with spanning. I'm hoping for DVD+RW support in the next version. Spanning 8-10 CDs sucks. At the same time, I also have a couple of wipedisk utilities to mess with anyone who wants to look into my tracks. Numbskull that I am, the disks are at work, so I don't know what the exact source and versions are, but they can do a reasonable wipe in about 30 minutes on a 20GB drive, and a complete, essentially unrecoverable wipe if I let them run overnight. -----Original Message----- From: Titus, Jennifer [mailto:Titus.Jenniferat_private] Sent: Wednesday, January 16, 2002 10:49 AM To: forensicsat_private Subject: Top Ten List!? I'm looking for new tools to purchase and want to take a poll of those of you on this list. 1. What is in your ESSENTIAL toolkit! Some of the first things you reach for when working through a case. Software/hardware based...it doesn't make a difference, just let me know. 2. What have you used that was a complete waste of time or was damaging in a case you worked on. ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Jan 17 2002 - 09:20:24 PST