You can use Helix Live CD, is easy you dont need to install anything all the tools for imaging or recovery files are there. There are 2 versions, free and commercial both works great
Regards Carlos A. Ayala Rocha CISSP, GPEN, GCIH, GCFA, INFOSEC, Security+, Network+, CWNA, CWSP Senior Systems Engineer Mexico, Central America & Caribbean TippingPoint Technologies (55) 5201-0052 (Office) (55) 1474-5835 (Cell) [email protected] www.tippingpoint.com ________________________________________ De: [email protected] [[email protected]] En nombre de Tim Krabec [[email protected]] Enviado el: martes, 19 de enero de 2010 07:18 a.m. Para: PaulDotCom Security Weekly Mailing List Asunto: Re: [Pauldotcom] foremost and data forensics I believe thee are tools but I'm no sure which ones will do that On Jan 19, 2010, at 4:04 AM, Monkey Daemon <[email protected] > wrote: > So can I image the partition in "realtime" or do I need to take the > server off-line and boot from a live cd? > > MWD. > > 2010/1/18 Tim Krabec <[email protected]>: >> I would recommend that you image the drive, then you can try >> multiple things >> with out risk of damaging the original content. As we're all aware >> sometime >> the how-tos and directions can need a bit of tweaking, there's >> nothing like >> being able to get a second chance or third or fourth when learning. >> >> >> >> On Mon, Jan 18, 2010 at 2:57 PM, Monkey Daemon >> <[email protected]> wrote: >>> >>> Hi all, >>> >>> I've been asked to search a computer for files that have been >>> deleted >>> recently. >>> >>> As far as I am aware the disks have not been wiped (the directory >>> structure appears to be intact) and there is no need for this to pbe >>> presented in a court of law. >>> >>> I've looked at foremost and it appears to only apply to a given >>> partition. >>> >>> As I am only interested in a particular directory and the disk >>> partion >>> that the directory resides on is an ext3 LVM volume, are there any >>> risks in using foremost to recover this data? >>> >>> Kind regards, >>> >>> MWD >>> _______________________________________________ >>> Pauldotcom mailing list >>> [email protected] >>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >>> Main Web Site: http://pauldotcom.com >> >> >> >> -- >> Tim Krabec >> Kracomp >> 772-597-2349 >> smbminute.com >> kracomp.blogspot.com >> www.kracomp.com >> >> _______________________________________________ >> Pauldotcom mailing list >> [email protected] >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> Main Web Site: http://pauldotcom.com >> > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
