- <li><em>date</em>: Mon Apr 26 20:58:49 2004</li>
- <li><em>from</em>: jonathan.glass at ibb.gatech.edu (Jonathan Glass IBB)</li>
- <li><em>subject</em>: [ale] (OT) data recovery - show and tell?</li>
Jonathan Glass
On Mon, 2004-04-26 at 19:29, Greg Freemyer wrote:
> On Mon, 2004-04-26 at 15:00, Michael D. Hirsch wrote:
> > I think this subject would make a fantastic presentation. Would anyone like to
> > volunteer to present? This would be a fabulous way for a consultant to
> > advertise their abilities, or a great opportunity for someone to get
> > motivated to learn this stuff.
> >
> > If you are interested, please let me know.
> >
> > Michael
> >
> Michael,
>
> First off-topic:
> ====
> How come I don't know about 'tac'? I just found it in the below linux
> for cops write-up. Seems like the simple kind of program we should all
> know.
>
> (i.e., to review logs "tac /var/log/messages | less". That way you see
> the entries in reverse chronological order.)
>
> Am I the only one who doesn't know this basic command?
>
> ====
> Okay, on-topic:
>
> We use commercial windows software to do data recovery. I assume that
> is taboo.
>
> OTOH, there is a white paper about using linux to do computer forensics of
> linux systems (and data recovery of same) at
>
> <a rel="nofollow" href="http://www.linux-forensics.com/linuxintro-LEFE-2.0.5.pdf">http://www.linux-forensics.com/linuxintro-LEFE-2.0.5.pdf</a>
>
> (A big part of computer forensics is the recovery of deleted files and
> file fragments, so there is a lot of relevant info in this paper.)
>
> The first third of the above whitepaper is basic linux stuff that most
> people on this list know. (Thankfully, tac is introduced in a later
> section. I don't feel quite so ignorant.)
>
> The other 2/3's are more interesting. It could be the basis of either a
> detailed computer forensics presentation, or data recovery. (For data
> recovery, you could just leave out some of the steps like calculating
> the md5sum of the raw disk before and after making a working copy.)
>
> I know there was a computer forensics presentation last summer, but it
> was more conceptual with references to tools and their functionalities.
>
> The above goes into actual command-line parameters, etc. I have only
> scanned it so far, but I think it would make an interesting basis for a
> presentation. (In particular it has 10 pages dedicated to autopsy, a
> gui environment.)
>
> I think it even has some disk images online that can be analysed and
> files recovered. The presentation could include some actual recoveries
> from the sample.
>
> I have never used linux to do data recovery, but if you don't have any
> other takers I would consider giving the above a shot.
>
> Greg
</pre>
</body>
</html>