Thanks. You're right. This may be the only way to go about it. As yet, I haven't found a way to access the $LOGFILE metafile on a live system, let alone parse it...

Thanks,

Harlan

--- crazytrain <subscribeat_private> wrote:
> Harlan
>
> via Linux you can issue;
>
> mount /dev/target_volume -o ro,noexec,noatime,show_sys_files=true /XXX
>
> The 'show sys files' will show the hidden '$' files, i.e., $AttrDef,
> $Bitmap, $LogFile, etc.
>
> hope this helps!
>
> farmerdude
>
> On Mon, 2003-03-17 at 10:50, Harlan Carvey wrote:
> > All,
> >
> > Does anyone know of a tool or utility that will allow
> > an admin to see/view the contents of the NTFS metafile
> > "$LOGFILE" on a live or imaged Win2K (and above)
> > system?
> >
> > I'm aware of the SysInternals utility, but it doesn't
> > work on 2K and up.
> >
> > Thanks,
> >
> > =====
> > Harlan Carvey
> > Computer Security Administrator
> > AIM: carvdawg
> > Yahoo: keydet89
> >
> > -----------------------------------------------------------------
> > This list is provided by the SecurityFocus ARIS analyzer service.
> > For more information on this free incident handling, management
> > and tracking system please see: http://aris.securityfocus.com

This archive was generated by hypermail 2b30 : Mon Mar 17 2003 - 13:13:45 PST