ghenry
6th April 2004, 05:34 PM
Just a quick heads up of something I did today, which I thought was worth a mention:
I had to recover some deleted files on a Windows 2000 box with a NTFS filesystem.
Tools:
Penguin Sleuth Bootable CD (http://www.linux-forensics.com)
UnxUtils (http://unxutils.sourceforge.net/)
Netcat (http://www.atstake.com/research/tools/network_utilities/)
Sleuth Kit and Forensic Browser (http://www.sleuthkit.org/)
Putercops (http://www.putercops.org/)
Using dd to dump a 6GB image of a laptop hardrive via a crossover cable (to free up the network nadwidth) and netcat to another Windows 2000 box, then using the Penguin CD and autopsy/sleuthkit I got the files from the image.
I think I have a new howto for Fedoranews.org ;)
I had to recover some deleted files on a Windows 2000 box with a NTFS filesystem.
Tools:
Penguin Sleuth Bootable CD (http://www.linux-forensics.com)
UnxUtils (http://unxutils.sourceforge.net/)
Netcat (http://www.atstake.com/research/tools/network_utilities/)
Sleuth Kit and Forensic Browser (http://www.sleuthkit.org/)
Putercops (http://www.putercops.org/)
Using dd to dump a 6GB image of a laptop hardrive via a crossover cable (to free up the network nadwidth) and netcat to another Windows 2000 box, then using the Penguin CD and autopsy/sleuthkit I got the files from the image.
I think I have a new howto for Fedoranews.org ;)
