The last time I used it was to recover a critical file that I lost after being hit by the Chernobal CIH virus in April/99. As it reformatted by re-writing your fat table, I did an ascii search on a phrase in the doc, found all the clusters it used, wrote that in the fat table with appropriate offsets and had access to it. Had experience in the early 80's with hex editors to manually repair drives that were notoriously unreliable in the early days (spent $900 for my first 5mb hard drive & thought I would NEVER use all that space. Course if I used only *NIX that might still be enough ;) Curt Purdy CISSP, MCSE+I, CNE, CCDA Information Security Engineer DP Solutions ---------------------------------------- If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked. -- White House cybersecurity adviser Richard Clarke -----Original Message----- From: Steve Hailey [mailto:shaileyat_private] Sent: Thursday, April 17, 2003 8:02 PM To: 'forensicsat_private' Subject: Diskedit I have several students in my Introduction to Computer Forensics class that would like additional material and exposure on using the old Norton Diskedit. I'd appreciate any information that my fellow examiners and/or instructors could provide, such as URL's or recommendations on books. We use the program to teach basics of how information is stored when using FAT, as well as how to use some of the basic features for forensic examinations. I'd also love to hear how any of you are using this old workhorse of a program. As well, any good tools out there for viewing the MFT under NTFS? Steve Hailey www.btc.edcc.edu <http://www.btc.edcc.edu> ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Apr 22 2003 - 09:39:28 PDT