Re: [sleuthkit-users] CD Forensics
Brought to you by:
carrier
Menu
▾
▴
Re: [sleuthkit-users] CD Forensics
|
From: Nico K. <nka...@gm...> - 2006-01-12 18:18:22
|
I would like to thank everyone very much for their input. It has opened up some interesting additional avenues for exploration, which I will do right away. To answer a couple of questions, I began to dd (dcfldd, actually) the whole thing but started to run into heavy I/O errors after about 55MB or so. Obtaining the image slowed to a crawl where I would get about 1MB every minute, which ended up becoming unfeasible for this particular situation. = I would have loved to get the whole thing, but...oh well. So, I did all of m= y analysis on the 50MB chunk. I did run it through foremost and all it found was just the one file. I was able to verify that finding fairly easily using hexdump since it abbreviates the data with a simple asterisk if the preceeding line occurs more than once. That made the 50+MB fairly easy to skim through manually. The link to http://www.agilerm.net/linux1.html is excellent! Thanks again for your time! Nico |
