Definitely agree. Then you can reinstall the Windows box, get it up and running and do the analysis at your leisure.
Forensic Discovery by Dan Farmer and Wietse Venema is an excellent book on this subject, though slightly more UNIX focussed.

cheers,
Jamie

On 07/04/06, l00t3r <[EMAIL PROTECTED]> wrote:
> If you're really looking to do a full investigation you need to first
> get a raw image from the device.

--
Jamie Riden / [EMAIL PROTECTED] / [EMAIL PROTECTED]
"Microsoft: Bringing the world to your desktop - and your desktop to the world." -- Peter Gutmann
