[prev in list] [next in list] [prev in thread] [next in thread]
List: forensics
Subject: RE: Linux, dd, and image file
From: "Altheide, Cory B." <AltheideC () nv ! doe ! gov>
Date: 2003-04-04 16:55:46
[Download RAW message or body]
> -----Original Message-----
> From: Stephen Samuel [mailto:samuel@bcgreen.com]
> Sent: Thursday, April 03, 2003 10:30 AM
> To: forensics@securityfocus.com; jcreyes@007mundo.com
> Subject: Re: Linux, dd, and image file
>
>
> One problem with imaging each partition is that you may miss
> some pertinent information. The partitions don't always
> encompas the entire disk, and a knowledgable intruder might
> store info in the inter-partition spaces. (one example
> includes a recent to-do about some Windows Tax software that
> stored copy-protection information in unused portions of the
> boot track)
>
A knowledgable investigator might image the inter-partition spaces (and
pre-/post-partition spaces), as well as the partitions. :)
Cory Altheide
Computer Forensics Specialist
NCI Information Systems, Inc.
NNSA Cyber Forensics Center
altheidec@nv.doe.gov
-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic