Sakaba,

You may want to investigate ProDiscover IR, which is the incident response and auditing version of ProDiscover DFT. ProDiscover IR will allow live imaging and analysis of any Windows system over the network at an affordable cost. See http://www.techpathways.com or contact me directly for details or questions.

Regards,

Christopher L. T. Brown
Technology Pathways LLC
Makers of ProDiscover
clbrownat_private
Phone: 619-435-0906 / 888-894-5500
http://www.TechPathways.com

This email message is for the sole use of the intended recipient[s] and may contain privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by phone or reply email and destroy all copies of the original message.

> -----Original Message-----
> From: Sakaba [mailto:Sakabaat_private]
> Sent: Tuesday, August 12, 2003 3:15 AM
> To: Reava, Jeffrey [IT/0200]; 'Sakaba'; forensicsat_private
> Subject: RE: Using dd.exe to make forensic images of NTFS drives
>
> Thanks Jeff,
>
> I think the best solutions for investigating without downing the system
> that I've heard so far are:
>
> 1] Mirror disks if you have them - Just pull out and put in another
>    machine to examine
> 2] Encase - expensive but can do the job
> 3] Win32 binaries of Sleuthkit - don't have to down the system but need to
>    copy over files which is annoying
This archive was generated by hypermail 2b30 : Wed Aug 13 2003 - 06:09:41 PDT