Re: [sleuthkit-users] anti-forensic
From: Brian C. <ca...@sl...> - 2004-01-27 23:20:10
On Tuesday, January 27, 2004, at 01:58 PM, nighty wrote:

> today I found an interesting article titled "Defeating Forensic
> Analysis on Unix" in the phrack magazine #59 dealing with several
> anti-forensic strategies, as well as with flaws of forensic tools,
> "The Coroner's Toolkit" [...]
> It would be interesting to know, whether the technical insufficiencies
> presented in the article have also any validity for the Sleuth Kit's
> capabilities of forensic analysis.

I haven't read that in a while, but it dealt with not being able to view inode #1. When The Sleuth Kit was developed, that limitation was removed and it was able to view the contents of inode #1. TCT fixed the bug at some point, but I'm not sure which version.

brian