http://www.darknet.org.uk/2006/07/a-forensic-analysis-of-the-stolen-veterans-administration-laptop/ Ethical Hacking, Penetration Testing & Computer Security Tue, 07 Oct 2008 20:24:42 +0000 http://wordpress.org/?v=2.6.2 http://www.darknet.org.uk/2006/07/a-forensic-analysis-of-the-stolen-veterans-administration-laptop/#comment-3539 Joe Wed, 26 Jul 2006 01:55:48 +0000 http://www.darknet.org.uk/2006/07/a-forensic-analysis-of-the-stolen-veterans-administration-laptop/#comment-3539 usually they copy the hddd contents over and play with thise ones as the originals are evidnece in court. all processes are logged so that any results are re obtainalbe from another copy. usually they copy the hddd contents over and play with thise ones as the originals are evidnece in court. all processes are logged so that any results are re obtainalbe from another copy.

]]> http://www.darknet.org.uk/2006/07/a-forensic-analysis-of-the-stolen-veterans-administration-laptop/#comment-2824 Pedro Pinheiro Mon, 10 Jul 2006 13:57:19 +0000 http://www.darknet.org.uk/2006/07/a-forensic-analysis-of-the-stolen-veterans-administration-laptop/#comment-2824 And would it be possible to design a live CD that wouldn't leave ANY traces? Such as reading first the IDE info and reflashing afterwards, and not writing anything on the disk? It would be an interesting alternative to opening the laptop to remove the disk (impossible not to leave any traces, imagine doing it on an iBook!). And would it be possible to design a live CD that wouldn’t leave ANY traces? Such as reading first the IDE info and reflashing afterwards, and not writing anything on the disk? It would be an interesting alternative to opening the laptop to remove the disk (impossible not to leave any traces, imagine doing it on an iBook!).

]]> http://www.darknet.org.uk/2006/07/a-forensic-analysis-of-the-stolen-veterans-administration-laptop/#comment-2812 bj Mon, 10 Jul 2006 04:40:36 +0000 http://www.darknet.org.uk/2006/07/a-forensic-analysis-of-the-stolen-veterans-administration-laptop/#comment-2812 well; the real thing to do (if you were the bad guy) is to do a raw copy of the entire drive (dd / logicube) of the hard drive, then to do all your analysis on that..... that way you dont leave traces on the original drive (and not on the hardware if u use logicube or something equivalent). well; the real thing to do (if you were the bad guy) is to do a raw copy of the entire drive (dd / logicube) of the hard drive, then to do all your analysis on that….. that way you dont leave traces on the original drive (and not on the hardware if u use logicube or something equivalent).

]]> http://www.darknet.org.uk/2006/07/a-forensic-analysis-of-the-stolen-veterans-administration-laptop/#comment-2747 Darknet Fri, 07 Jul 2006 04:30:58 +0000 http://www.darknet.org.uk/2006/07/a-forensic-analysis-of-the-stolen-veterans-administration-laptop/#comment-2747 <strong>Pedro:</strong> You are right to a degree, it depends on the level of detail you go to. The thing is many of the modern bootable CD's mount any FAT32/NTFS partitions they find read/write which would leave last accessed information for any files you copied off. Also there is informations stored on the IDE channels, last accessed, last booted etc. Pedro: You are right to a degree, it depends on the level of detail you go to. The thing is many of the modern bootable CD’s mount any FAT32/NTFS partitions they find read/write which would leave last accessed information for any files you copied off. Also there is informations stored on the IDE channels, last accessed, last booted etc.

]]> http://www.darknet.org.uk/2006/07/a-forensic-analysis-of-the-stolen-veterans-administration-laptop/#comment-2746 Pedro Pinheiro Thu, 06 Jul 2006 23:20:28 +0000 http://www.darknet.org.uk/2006/07/a-forensic-analysis-of-the-stolen-veterans-administration-laptop/#comment-2746 What kind of traces would booting with a linux live CD leave...? As I understand (unless you delete/change files) when such live CDs mount an existing partition, they don't write anything on it. Am I wrong? What kind of traces would booting with a linux live CD leave…? As I understand (unless you delete/change files) when such live CDs mount an existing partition, they don’t write anything on it. Am I wrong?

]]> http://www.darknet.org.uk/2006/07/a-forensic-analysis-of-the-stolen-veterans-administration-laptop/#comment-2738 Data Recovery» Blog Archive » A Forensic Analysis of the Stolen Veterans Administration Laptop (search mac data recovery) Thu, 06 Jul 2006 11:05:06 +0000 http://www.darknet.org.uk/2006/07/a-forensic-analysis-of-the-stolen-veterans-administration-laptop/#comment-2738 [...] A Forensic Analysis of the Stolen Veterans Administration LaptopAn interesting speculative post on the techniques that would most likely be used by the FBI during… [...] [...] A Forensic Analysis of the Stolen Veterans Administration LaptopAn interesting speculative post on the techniques that would most likely be used by the FBI during… [...]

]]>