RE: Top Ten List!?

From: Jarrod Frates (fusionat_private)
Date: Wed Jan 16 2002 - 21:00:12 PST

    Ontrack's Easy Recovery Professional v5.1
    Symantec Ghost 7.0
    
    Granted, I'm not a professional.  I'm more of an advanced desktop tech
    (witness my n00b Linux skills) with some security background, so I'm
    usually after easier-to-find things, like user-deleted files or virus
    remnants as part of follow-up investigations.  However, I've found ERP
    to be essential in finding some data thought long gone.  I switched to
    ERP from the utility formerly known as PowerQuest Lost & Found after
    discovering that ERP did a better job in a quarter of the time.
    
    I use Ghost more to avoid modifying files.  I can Ghost the drive, and
    then use Ghostwalker (part of the package) to peruse the image file and
    pull copies of anything I need to examine more closely.  We usually have
    to do this in a virus aftermath.  One of the nicer things about the
    newer versions of Ghost is the built-in CD-R/CD-RW support, complete
    with spanning.  I'm hoping for DVD+RW support in the next version.
    Spanning 8-10 CDs sucks.
    
    At the same time, I also have a couple of wipedisk utilities to mess
    with anyone who wants to look into my tracks.  Numbskull that I am, the
    disks are at work, so I don't know what the exact source and versions
    are, but they can do a reasonable wipe in about 30 minutes on a 20GB
    drive, and a complete, essentially unrecoverable wipe if I let them run
    overnight.
    
    
    -----Original Message-----
    From: Titus, Jennifer [mailto:Titus.Jenniferat_private] 
    Sent: Wednesday, January 16, 2002 10:49 AM
    To: forensicsat_private
    Subject: Top Ten List!?
    
    
    I'm looking for new tools to purchase and want to take a poll of those
    of you on this list.  
    
    1.  What is in your ESSENTIAL toolkit!  Some of the first things you
    reach for when working through a case.  Software/hardware based...it
    doesn't make a difference, just let me know.  
    
    2.  What have you used that was a complete waste of time or was damaging
    in a case you worked on?
    
    
    -----------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service. For
    more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    
    



    This archive was generated by hypermail 2b30 : Thu Jan 17 2002 - 09:20:24 PST