[Dshield] Forensics and hard drives
jlake at kcso.org
Tue Apr 10 08:20:13 GMT 2007
Kenneth Coney wrote:
> Okay, a little off topic I know, but maybe someone here has an idea.
> I am examining an XP hard drive the owner gave me to recover deleted
> files and determine if they have been hacked. I sector cloned it,
> configured the clone as a slave drive,, and have done the file recovery,
> but I am a little stumped on where to go from here. <snip>
Is it possible to use LiveView and boot the image using vmware?
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 252 bytes
Desc: OpenPGP digital signature
Url : http://lists.sans.org/pipermail/list/attachments/20070410/8ef0e066/attachment.bin
More information about the list