Re: Using dd.exe to make forensic images of NTFS drives

From: Sakaba (sakabaat_private)
Date: Mon Aug 11 2003 - 01:53:14 PDT


    Hi everyone,
    
    Thanks for your responses.
    
    I've tested with bootable Linux (FIRE, Knoppix STD) and using
    the dd command works fine.  It's just using dd.exe while live on
    Windows.
    
    Some of you asked why I would want to do that.  The reason is
    taking down servers to do investigations is not something we
    want to do unless we have a lot of evidence that it is life or
    death to begin with.  You don't know this purely from examining
    the volatile data sources.  I want the capability to take live
    images of Windows machines without having to reboot them and
    without having to use their binaries.  The FIRE CD's forensic
    shell can be started simply by inserting the CD and pressing the
    button off autorun.  It uses its own binaries and, other than the
    minor changes from inserting the CD, doesn't make changes that I
    would care about.  I just wish it worked.
    
    Does anyone know of a tried and tested method of taking a live
    image off a running Windows machine without taking it offline or
    rebooting to a Linux CD or anything else that would disrupt
    operations?
    
    Thanks,
    Sakaba
    
    
    -----------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    
    This archive was generated by hypermail 2b30 : Mon Aug 11 2003 - 12:26:39 PDT