
[News] Linux, Windows, and Forensics Software

  • Subject: [News] Linux, Windows, and Forensics Software
  • From: Roy Schestowitz <newsgroups@xxxxxxxxxxxxxxx>
  • Date: Sat, 11 Aug 2007 17:24:21 +0100
  • Newsgroups: comp.os.linux.advocacy
  • Organization: Netscape / schestowitz.com
  • User-agent: KNode/0.10.4

How to break forensics software

,----[ Quote ]
| One of the problems they found was that EnCase didn't like mangled MBRs, and 
| from this they noticed that Linux and EnCase handled file systems in a 
| completely different way. If you make a directory loop manually, EnCase hides 
| all the files from that point on while Linux can see it just fine. Similarly, 
| if you make a deeply nested directory, thousands deep with no other children, 
| EnCase crashes. Both can be used to hide things, and both will be fixed in a 
| near future revision.      
`----

http://www.theinquirer.net/default.aspx?article=41616

Another Day, Another Windows Crash

,----[ Quote ]
| Last night I received an email from a friend with an XP computer. It seems 
| that the computer was shut down abruptly, and afterwards it would only boot 
| with a message that the computer could not start, due to a missing or corrupt 
| file hal.dll.   
`----

http://darkbrownhole.blogspot.com/2007/08/another-day-another-windows-crash.html


Related:


Notes on Vista forensics

,----[ Quote ]
| The problems are not only related to forensic software, however, and
| while some may be addressed with a simple driver update others may
| be considered even more fundamental as Scott A Moulton of Forensic
| Strategy Services, LLC. explains: "I still have major problems
| mounting large drives under Vista. I use many 1 terabyte or 2
| terabyte drives and Vista is absolutely worthless on these drives -
| I'm lucky if Vista does not actually mess the drive up. Deleting
| files is a nightmare and sometimes takes days. Just simply copying
| files is so slow it is unbearable.
| 
| "I received quite a few responses from people who have had similar
| issues and it seems that DRM [Digital Rights Management] may be the
| most probable cause. They've found that Vista tries to check each 
| file to see if there is a protection flag on it or not before even
| deleting the file."
`----

http://www.theregister.co.uk/2007/04/16/vista_forensics_2/page3.html


,----[ Quote ]
| Vista—Microsoft’s latest operating system—may prove to be most
| appropriately named, especially for those seeking evidence of how a
| computer was used.
`----

http://www.abanet.org/journal/ereport/jy13tkjasn.html
