Re: Server with RAID-5

From: Hunter Ely (hely1at_private)
Date: Thu May 09 2002 - 09:07:01 PDT

    Thank you for all of your help guys.  I will try Encase via a network cable.
    I will let you know how it goes.
    ----- Original Message -----
    From: "J Jewitt" <jjewitt2001at_private>
    To: "Hunter Ely" <hely1at_private>; <forensicsat_private>
    Sent: Thursday, May 09, 2002 9:26 AM
    Subject: Re: Server with RAID-5
    
    
    >    I noticed no one seems to have answered you so far,
    > so I'll do my best:
    >    A colleague and I conferred and believe that a
    > number of different mechanisms can duplicate the
    > drives, for instance, a Trinux CD and use of the dd
    > command to get a nice raw image. Of course, the SCSI
    > controller may not be supported.
    >   Encase forensic software includes native support for
    > NT Striped Raid file systems. If someone has
    > experience with Encase's support for RAID then chime
    > in anytime. You may also want to include more details
    > if this does not answer your question.
    >
    >   Regards,
    >    J Jewitt
    >
    >
    >
    > --- Hunter Ely <hely1at_private> wrote:
    > > I have a server that was compromised.  I've been
    > > doing lower level forensics
    > > on machines with single drives, but I don't know
    > > what I need to do to image
    > > a RAID array.  I haven't seen the machine yet, so I
    > > can't give you any
    > > specifics about it.  Can any of you guys give me an
    > > idea of what I need to
    > > do?  Thanks.
    > >
    > > ------------------------------------------------------
    > > Hunter Ely
    > > Network Security Analyst, Office of Computing
    > > Services
    > > Louisiana State University
    > > http://hunter.lsu.edu
    > >
    > >
    > >
    > >
    > > -----------------------------------------------------------------
    > > This list is provided by the SecurityFocus ARIS
    > > analyzer service.
    > > For more information on this free incident handling,
    > > management
    > > and tracking system please see:
    > > http://aris.securityfocus.com
    > >
    
    
    



    This archive was generated by hypermail 2b30 : Fri May 10 2002 - 10:24:32 PDT