('binary' encoding is not supported, stored as-is) Hello All, In current investigation process, it is very likely that we need to search for some information from the victim machine. However, cloning of machines especially the mainframe machine is very difficult. Is it possible that backup tape be used as the data source in forensics investigation? 1. Is there any difficulty or issues if we use backup tape instead of directly cloning the hard disk? I understand that there may be chances that the attacker can place some hiddening information in the hard disk which can't be cloned, but other than that, is there any issues? 2. Among the backup media and solution, is there any common scheme for backup across different Unix platform? 3. Where can we find any useful information about various backup utilities? Thanks. Ricci ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sun Dec 29 2002 - 10:46:51 PST