Re: NTFS $LOGFILE metafile

From: Harlan Carvey (keydet89at_private)
Date: Mon Mar 17 2003 - 12:56:39 PST


    Thanks.  You're right.  This may be the only way to go
    about it.  As yet, I haven't found a way to access the
    $LOGFILE metafile on a live system, let alone parse
    it...
    
    Thanks,
    
    Harlan
    
    --- crazytrain <subscribeat_private> wrote:
    > Harlan
    > 
    > via Linux you can issue;
    > 
    > mount /dev/target_volume -o ro,noexec,noatime,show_sys_files=true /XXX
    > 
    > The 'show sys files' will show the hidden '$' files,
    > i.e., $AttrDef, $Bitmap, $LogFile, etc.
    > 
    > hope this helps!
    > 
    > farmerdude
    > 
    > 
    > On Mon, 2003-03-17 at 10:50, Harlan Carvey wrote:
    > > All,
    > > 
    > > Does anyone know of a tool or utility that will allow
    > > an admin to see/view the contents of the NTFS metafile
    > > "$LOGFILE" on a live or imaged Win2K (and above)
    > > system?
    > > 
    > > I'm aware of the SysInternals utility, but it doesn't
    > > work on 2K and up.
    > > 
    > > Thanks,
    > > 
    > > 
    > > =====
    > > ------------------------------------------------------------------------
    > > Harlan Carvey
    > > Computer Security Administrator
    > > AIM: carvdawg
    > > Yahoo: keydet89
    > > ------------------------------------------------------------------------
    
    
    -----------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
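
As an added example (not part of the original thread and not any poster's code): once $LogFile has been copied off a volume mounted read-only with show_sys_files as in the quoted reply, a first sanity check is to decode the restart page header and count the page signatures. The header layout follows the Linux-NTFS project's RESTART_PAGE_HEADER; the function names and the sample bytes are constructed for illustration.

```python
import struct
from collections import Counter

# Restart page header, following the RESTART_PAGE_HEADER layout documented by
# the Linux-NTFS project: magic, usa_ofs, usa_count, chkdsk_lsn,
# system_page_size, log_page_size, restart_area_offset, minor_ver, major_ver.
RESTART_HEADER = struct.Struct("<4sHHQIIHhh")  # 30 bytes, little-endian
FIELDS = ("magic", "usa_ofs", "usa_count", "chkdsk_lsn", "system_page_size",
          "log_page_size", "restart_area_offset", "minor_ver", "major_ver")
KNOWN_MAGICS = (b"RSTR", b"RCRD", b"CHKD", b"BAAD")

def parse_restart_header(page):
    """Decode the header of the first $LogFile page; reject anything else."""
    if len(page) < RESTART_HEADER.size:
        raise ValueError("truncated: shorter than a restart page header")
    header = dict(zip(FIELDS, RESTART_HEADER.unpack_from(page)))
    if header["magic"] not in (b"RSTR", b"CHKD"):
        raise ValueError("first page is not a restart page: %r" % header["magic"])
    size = header["log_page_size"]
    if size < 512 or size & (size - 1):
        raise ValueError("implausible log page size: %d" % size)
    return header

def classify_pages(data):
    """Return (restart header, Counter of page types) for a $LogFile copy."""
    header = parse_restart_header(data)
    step, counts = header["log_page_size"], Counter()
    for off in range(0, len(data), step):
        page = data[off:off + step]
        if page[:4] in KNOWN_MAGICS:
            counts[page[:4].decode("ascii")] += 1
        elif page.count(0xFF) == len(page):
            counts["unused"] += 1      # all-0xFF page, treated here as never written
        else:
            counts["unknown"] += 1     # unrecognised signature, inspect by hand
    return header, counts

def build_sample():
    """Constructed sample: 2 restart pages, 3 record pages, 1 unused, 1 junk."""
    rstr = RESTART_HEADER.pack(b"RSTR", 30, 9, 0, 4096, 4096, 48, 1, 1).ljust(4096, b"\0")
    rcrd = b"RCRD".ljust(4096, b"\0")
    return rstr * 2 + rcrd * 3 + b"\xff" * 4096 + b"junk".ljust(4096, b"\0")

if __name__ == "__main__":
    import sys
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    print(classify_pages(raw))
```

Run it with the path of the copied file as the only argument; with no argument it runs on the constructed sample.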
    



    This archive was generated by hypermail 2b30 : Mon Mar 17 2003 - 13:13:45 PST