[Dshield] Forensics and hard drives

Jeff Lake jlake at kcso.org
Tue Apr 10 08:20:13 GMT 2007


Kenneth Coney wrote:
> Okay, a little off topic I know, but maybe someone here has an idea.
> 
> I am examining an XP hard drive the owner gave me to recover deleted 
> files and determine if they have been hacked.  I sector cloned it, 
> configured the clone as a slave drive,, and have done the file recovery, 
> but I am a little stumped on where to go from here.  <snip>

Is it possible to use LiveView and boot the image using vmware?


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
Url : http://lists.sans.org/pipermail/list/attachments/20070410/8ef0e066/attachment.bin 


More information about the list mailing list