On Wed, Jul 31, 2002 at 04:08:04PM -0400, Buck Buchanan wrote:
> Bypassing the file system and directly accessing the disk can easily dump
> any disk block. Disk Probe from the NT Resource Kit can do this. The hard
> part is figuring out which blocks the pagefile(s) is/are using. I am not
> aware of any easy to use "script kiddie" tools that will accomplish this,
> but would like to find one.

The nfi.exe (somewhere on Microsoft's site) tool will dump the MFT table
and give the sector runs for files.

brian

-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
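For readers examining a disk image, the "sector runs" mentioned in the message above come from the run list stored in a file's non-resident $DATA attribute in its MFT record. The following is an added example, not part of the original post and not nfi.exe's code: it decodes a run list using the publicly documented NTFS encoding, and the sample bytes, sectors-per-cluster value and partition offset are constructed assumptions.

```python
from typing import List, Optional, Tuple

Run = Tuple[Optional[int], int]  # (start, length); start is None for a sparse run


def decode_runlist(raw: bytes) -> List[Run]:
    """Decode an NTFS run list into (start_lcn, cluster_count) pairs."""
    runs: List[Run] = []
    pos, lcn = 0, 0
    while pos < len(raw) and raw[pos] != 0x00:   # 0x00 terminates the list
        header = raw[pos]
        len_size = header & 0x0F                 # low nibble: bytes in length field
        off_size = header >> 4                   # high nibble: bytes in offset field
        pos += 1
        if len_size == 0 or pos + len_size + off_size > len(raw):
            raise ValueError("malformed or truncated run list")
        count = int.from_bytes(raw[pos:pos + len_size], "little")
        pos += len_size
        if off_size == 0:                        # no offset field: sparse, nothing on disk
            runs.append((None, count))
            continue
        # The offset is signed and relative to the previous run's starting LCN.
        lcn += int.from_bytes(raw[pos:pos + off_size], "little", signed=True)
        pos += off_size
        if lcn < 0:
            raise ValueError("run points before the start of the volume")
        runs.append((lcn, count))
    return runs


def to_sector_runs(runs: List[Run], sectors_per_cluster: int,
                   partition_start_sector: int = 0) -> List[Run]:
    """Convert cluster runs to absolute (first_sector, sector_count) runs."""
    out: List[Run] = []
    for lcn, count in runs:
        first = None if lcn is None else partition_start_sector + lcn * sectors_per_cluster
        out.append((first, count * sectors_per_cluster))
    return out


# Constructed sample: 16 clusters at LCN 4096, 8 clusters 16 LCNs earlier,
# then 4 sparse clusters, then the terminator.
SAMPLE_RUNLIST = bytes.fromhex("21100010" "1108f0" "0104" "00")

if __name__ == "__main__":
    # Assumed geometry: 8 sectors per cluster, partition starting at sector 63.
    for first, n in to_sector_runs(decode_runlist(SAMPLE_RUNLIST), 8, 63):
        print("sparse" if first is None else f"sector {first}", f"+{n} sectors")
```
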
This archive was generated by hypermail 2b30 : Thu Aug 01 2002 - 07:38:09 PDT