Greetings!

Alvin Oga wrote:
>
> anyway.. so goes my limited understanding ...
> tar(block/sector level apps ) vs dd(bit level apps ) type of apps

Ooookay, back to beginnings. We're on "forensics@..." here. So you will want to have ALL data you can get a hold on/of. Quite some evidence can be hidden in (presumedly) deleted files, etc. (see e.g. the current Scan-of-the-Month at http://www.honeynet.org/scans/scan24/).

So for FORENSICS a binary copy is the right choice (e.g. http://www.wyae.de/docs/img_dd.php) - whereas for FUNCTIONAL cloning other means will be faster and/or more reliable (e.g. http://www.wyae.de/docs/img_rsync.php).

Bye

Volker Tanger
IT-Security Consulting

--
discon gmbh
Wrangelstraße 100
D-10997 Berlin

fon +49 30 6104-3307
fax +49 30 6104-3461

volker.tangerat_private
http://www.discon.de/

-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
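The binary-copy approach from the message above, as an added example that is not part of the original post: it takes a bit-for-bit image with dd, verifies it against the source by SHA-256, and finds residue in the raw image at an offset no file-level copy would read. The file names, the residue string and the three function names are assumptions made for the illustration, and a constructed 1 MiB file stands in for the evidence device.

```shell
#!/usr/bin/env bash
# Added example. A constructed 1 MiB file stands in for the evidence device;
# on a real case the source would be a block device attached read-only.

# Build the stand-in "device": zeros plus a residue string at a raw offset
# that belongs to no file, so tar or rsync would never copy it.
make_sample_device() {
    dd if=/dev/zero of="$1" bs=1024 count=1024 2>/dev/null
    printf 'DELETED-NOTE: constructed residue' |
        dd of="$1" bs=1 seek=700000 conv=notrunc 2>/dev/null
}

# Bit-for-bit copy of $1 to $2, then compare SHA-256 of source and image.
# Returns 0 only when both digests match; 2 if dd itself failed.
image_and_verify() {
    dd if="$1" of="$2" bs=65536 2>/dev/null || return 2
    src_sum=$(sha256sum < "$1" | cut -d' ' -f1)
    img_sum=$(sha256sum < "$2" | cut -d' ' -f1)
    # Keep the digest next to the image so later tampering is detectable.
    printf '%s  %s\n' "$img_sum" "$2" > "$2.sha256"
    [ "$src_sum" = "$img_sum" ]
}

# Count lines of the raw image $1 containing pattern $2
# (-a makes grep treat the binary image as text).
count_residue() {
    grep -a -c "$2" "$1"
}

# Demo run on the constructed sample.
work=$(mktemp -d)
make_sample_device "$work/dev.raw"
image_and_verify "$work/dev.raw" "$work/evidence.dd" && echo "image verified"
echo "residue hits in image: $(count_residue "$work/evidence.dd" DELETED-NOTE)"
rm -rf "$work"
```
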
This archive was generated by hypermail 2b30 : Mon Oct 14 2002 - 06:03:05 PDT