I noticed no one seems to have answered you so far, so I'll do my best:

A colleague and I conferred and believe that a number of different mechanisms can duplicate the drives, for instance, a Trinux CD and use of the dd command to get a nice raw image. Of course, the SCSI controller may not be supported.

Encase forensic software includes native support for NT Striped Raid file systems. If someone has experience with Encase's support for RAID then chime in anytime.

You may also want to include more details if this does not answer your question.

Regards,
J Jewitt

--- Hunter Ely <hely1at_private> wrote:
> I have a server that was compromised. I've been doing lower level forensics
> on machines with single drives, but I don't know what I need to do to image
> a RAID array. I haven't seen the machine yet, so I can't give you any
> specifics about it. Can any of you guys give me an idea of what I need to
> do? Thanks.
>
> ------------------------------------------------------
> Hunter Ely
> Network Security Analyst, Office of Computing Services
> Louisiana State University
> http://hunter.lsu.edu
>
> -----------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see:
> http://aris.securityfocus.com
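The dd approach mentioned in the reply, sketched as an added example that is not part of either poster's message: each member disk of the array is imaged separately and the copy is checked against the source by SHA-256. The function names, the log format and the paths are hypothetical, and small constructed files stand in for the member disks; reassembling the array from the per-member images is not shown.

```shell
#!/bin/sh
# Added example: image RAID member disks one at a time with dd and verify
# each copy. Regular files stand in for the member devices (constructed data).

# hash_of PATH: print the SHA-256 of PATH's contents
hash_of() {
    sha256sum < "$1" | cut -d' ' -f1
}

# image_member SRC DST LOG
# Copies SRC to DST with dd, appends "SRC DST SHA256" to LOG, and returns 0
# only if the image matches the source and the source did not change
# while it was being read.
image_member() {
    src=$1; dst=$2; log=$3
    if [ ! -r "$src" ]; then
        echo "cannot read $src" >&2; return 2
    fi
    if [ -e "$dst" ]; then
        echo "refusing to overwrite $dst" >&2; return 3
    fi
    before=$(hash_of "$src")
    # No conv=noerror here: a read error stops dd and fails the function,
    # so a partial image is never recorded as verified.
    dd if="$src" of="$dst" bs=64k 2>/dev/null || return 4
    image=$(hash_of "$dst")
    after=$(hash_of "$src")
    printf '%s %s %s\n' "$src" "$dst" "$image" >> "$log"
    [ "$before" = "$image" ] && [ "$before" = "$after" ]
}

# Demo on two constructed "member disks" in a scratch directory.
work=$(mktemp -d)
for n in 0 1; do
    printf 'constructed stripe data for member %s\n' "$n" > "$work/disk$n"
    image_member "$work/disk$n" "$work/disk$n.dd" "$work/hashes.log" \
        || echo "verification failed for disk$n" >&2
done
cat "$work/hashes.log"
rm -rf "$work"
```

On a real system the source would be the member block device, attached read-only or behind a write blocker, and the destination a file on separate evidence storage.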
This archive was generated by hypermail 2b30 : Fri May 10 2002 - 10:32:55 PDT