RE: Diskedit

From: Curt Purdy (purdyat_private)
Date: Tue Apr 22 2003 - 09:22:15 PDT

    The last time I used it was to recover a critical file that I lost after
    being hit by the Chernobyl CIH virus in April/99.  As it reformatted by
    re-writing your FAT table, I did an ASCII search on a phrase in the doc,
    found all the clusters it used, wrote that in the FAT table with appropriate
    offsets and had access to it.  Had experience in the early 80's with hex
    editors to manually repair drives that were notoriously unreliable in the
    early days (spent $900 for my first 5mb hard drive & thought I would NEVER
    use all that space.  Course if I used only *NIX that might still be enough
    ;)
    
    Curt Purdy CISSP, MCSE+I, CNE, CCDA
    Information Security Engineer
    DP Solutions
    
    ----------------------------------------
    
    If you spend more on coffee than on IT security, you will be hacked.
    What's more, you deserve to be hacked.
    -- White House cybersecurity adviser Richard Clarke
    
    
    -----Original Message-----
    From: Steve Hailey [mailto:shaileyat_private]
    Sent: Thursday, April 17, 2003 8:02 PM
    To: 'forensicsat_private'
    Subject: Diskedit
    
    
    I have several students in my Introduction to Computer Forensics class that
    would like additional material and exposure on using the old Norton
    Diskedit.  I'd appreciate any information that my fellow examiners and/or
    instructors could provide, such as URLs or recommendations on books.  We
    use the program to teach basics of how information is stored when using FAT,
    as well as how to use some of the basic features for forensic examinations.
    I'd also love to hear how any of you are using this old workhorse of a
    program.  As well, any good tools out there for viewing the MFT under NTFS?
    
    Steve Hailey
    www.btc.edcc.edu <http://www.btc.edcc.edu>
    
    
    
    
    -----------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management
    and tracking system please see: http://aris.securityfocus.com
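
The recovery described in the message above (search the raw disk for a known phrase, note which clusters hold it, then write a chain for those clusters into the FAT), as an added Python example that is not part of the original thread. It assumes a FAT16 layout, a phrase that occurs in every cluster of the file, and clusters stored in ascending order; the image, the phrase and all function names are constructed for illustration.

```python
import struct

def parse_bpb(img):
    """Read the FAT12/16 boot-sector fields needed to map byte offsets to clusters."""
    bps, spc, reserved, nfats, root_ents = struct.unpack_from("<HBHBH", img, 11)
    fat_sectors, = struct.unpack_from("<H", img, 22)
    root_sectors = (root_ents * 32 + bps - 1) // bps
    data_start = (reserved + nfats * fat_sectors + root_sectors) * bps
    return {"csize": bps * spc, "data": data_start, "fat": reserved * bps}

def clusters_with(img, geo, needle):
    """Cluster numbers (first data cluster is 2) whose bytes contain the phrase."""
    hits, pos = set(), img.find(needle, geo["data"])
    while pos != -1:
        first = (pos - geo["data"]) // geo["csize"]
        last = (pos + len(needle) - 1 - geo["data"]) // geo["csize"]
        hits.update(range(first + 2, last + 3))  # a hit may straddle two clusters
        pos = img.find(needle, pos + 1)
    return sorted(hits)

def write_chain(img, geo, chain):
    """Return a copy of the image with a FAT16 chain linking the clusters in order."""
    out = bytearray(img)
    for cur, nxt in zip(chain, chain[1:] + [0xFFFF]):  # 0xFFFF = end of chain
        struct.pack_into("<H", out, geo["fat"] + cur * 2, nxt)
    return bytes(out)

def read_chain(img, geo, start):
    """Follow the FAT16 chain from start and return the concatenated cluster data."""
    data, cur, seen = b"", start, set()
    while 2 <= cur < 0xFFF8 and cur not in seen:  # stop on end marker or a loop
        seen.add(cur)
        off = geo["data"] + (cur - 2) * geo["csize"]
        data += img[off:off + geo["csize"]]
        cur, = struct.unpack_from("<H", img, geo["fat"] + cur * 2)
    return data

def make_image():
    """Constructed sample: zeroed FAT, 512-byte clusters, document in clusters 3, 4, 6."""
    img = bytearray(512 * 11)  # boot sector + FAT + root dir + 8 data clusters
    struct.pack_into("<HBHBH", img, 11, 512, 1, 1, 1, 16)
    struct.pack_into("<H", img, 22, 1)
    for n, cl in enumerate((3, 4, 6)):
        off = 1536 + (cl - 2) * 512
        img[off:off + 512] = (b"Q2 budget memo part %d. " % n).ljust(512, b".")
    return bytes(img)
```

The example works on a copy of the image and links only the first FAT copy; a directory entry pointing at the first cluster would still be needed for the file system to list the file.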



    This archive was generated by hypermail 2b30 : Tue Apr 22 2003 - 09:39:28 PDT