Virus.Org Mailing List Archive




RE: Windows forensics with Linux analysis machine

  • To: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
  • Subject: RE: Windows forensics with Linux analysis machine
  • From: "Steve" <[EMAIL PROTECTED]>
  • Date: Sat, 23 Aug 2003 13:17:43 -0700
  • In-reply-to: <[EMAIL PROTECTED]>
All the registry info is stored in a set of files on the disk, so you can get
it with anything that allows you to read the disk.  (I don't remember the
files offhand; the times I've done it I've had a senior investigator in the
office assisting.)

You can also use 'dd' to make a bit copy of the suspect drive which can then
be booted allowing you to access the registry using the standard windows
tools without disturbing the integrity of the suspect drive.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 1:17 AM
To: [EMAIL PROTECTED]
Subject: RE: Windows forensics with Linux analysis machine



...I don't think that F.I.R.E. matches all needs for an investigation of
Windows.
I am not too close with forensics of Windows platforms, but I am learning...
One attempt might be the registry. A very important database which you can't
analyse with F.I.R.E., or am I wrong?
Please correct me.

By the way, does anybody know a tool for doing that under Linux?
At the moment I am doing a:\redump.exe | cryptcat and less/grep the ASCII
dump-file on my forensics notebook.
But this means that the system is alive and running! And that no trojan hides
registry-trees (hives).

looking forward
Holger





"tetsujin" <[EMAIL PROTECTED]>
21.08.2003 02:03
To:      "'JJ'" <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
Cc:      (Bcc: Holger Wöhle/PSD/Eschborn/Arcor)
Subject: RE: Windows forensics with Linux analysis machine





-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
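The dead-disk route Steve describes (dd the suspect drive, then read the hive files straight off the copy) is what lets Holger drop the live a:\redump.exe | cryptcat step and the "is a trojan hiding hives" worry that comes with it. The script below is an added shell example, not code from the thread or from F.I.R.E. It assumes a Linux analysis box with GNU coreutils (dd, sha256sum, find) and loop-mount support, and the NT/2000/XP/2003 hive layout: SAM, SECURITY, SOFTWARE, SYSTEM and DEFAULT under <windir>\system32\config plus one NTUSER.DAT per user profile. The partition offset handed to mount_image is something you read from `fdisk -l` on the image; the script does not derive it. The "regf" check relies on the fact that every registry hive file begins with that 4-byte signature.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumes GNU coreutils (dd, sha256sum,
# find) on a Linux analysis host and an NT/2000/XP/2003 registry hive layout.
set -u

# image_drive SRC DST: bit-for-bit copy of the suspect device (e.g. /dev/sdb)
# to an image file on the examiner's own storage, then verify the copy by hash.
# conv=noerror keeps going past unreadable sectors and conv=sync zero-fills
# them so offsets stay aligned (disks are 512-byte multiples, so nothing is
# padded on a clean read). Prints the source hash for the case notes and
# returns non-zero if the image does not hash identically to the source.
image_drive() {
    src=$1; dst=$2
    dd if="$src" of="$dst" bs=512 conv=noerror,sync 2>/dev/null || return 1
    src_hash=$(sha256sum "$src" | cut -d' ' -f1)
    dst_hash=$(sha256sum "$dst" | cut -d' ' -f1)
    printf 'sha256 %s\n' "$src_hash"
    [ "$src_hash" = "$dst_hash" ]
}

# mount_image IMG MNT [OFFSET]: loop-mount the image read-only so browsing it
# cannot touch the evidence. OFFSET is the byte offset of the Windows partition
# inside a whole-disk image (start sector from `fdisk -l IMG` times 512);
# it defaults to 0 for a partition-only image. Needs root; not exercised below.
mount_image() {
    img=$1; mnt=$2; off=${3:-0}
    mount -o ro,loop,noexec,offset="$off" "$img" "$mnt"
}

# is_hive FILE: registry hive files start with the 4-byte signature "regf".
is_hive() {
    [ "$(head -c 4 "$1" 2>/dev/null)" = "regf" ]
}

# find_hives ROOT: print the system hives under <windir>\system32\config and the
# per-user NTUSER.DAT files below ROOT (the mounted volume). NTFS names are
# case-insensitive, hence -iname/-ipath. Only files carrying the "regf"
# signature are printed, which skips .log/.sav copies and stray same-named files.
find_hives() {
    root=$1
    {
        find "$root" -type f -ipath '*/system32/config/*' \
            \( -iname SAM -o -iname SECURITY -o -iname SOFTWARE \
               -o -iname SYSTEM -o -iname DEFAULT \)
        find "$root" -type f -iname NTUSER.DAT
    } | while IFS= read -r f; do
        is_hive "$f" && printf '%s\n' "$f"
    done
}

# Typical run as root, suspect drive attached behind a write blocker
# (case path and the 32256-byte offset, i.e. sector 63, are just illustration):
#   image_drive /dev/sdb /cases/0423/suspect.dd
#   mkdir -p /mnt/suspect
#   mount_image /cases/0423/suspect.dd /mnt/suspect 32256
#   find_hives /mnt/suspect
# The listed hives can then be copied off and parsed on the analysis machine
# without ever booting the suspect system.
```

Write the image to a drive other than the suspect one and keep the printed hash with the case notes; re-hashing the image later proves it was not modified during analysis.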

