I use linux for this because it leaves the NTFS file system completely unmodified. It doesn't diddle with any time stamps, hidden recycler folders or anything else. Everytime I've attached a new NTFS drive to a w2k system, it touches things on it during the boot process and the file system is no longer what I consider clean. My experience with doing this sort of thing is from a forensics perspective where you do not want anything on the target file system modified in any way, especially time stamps and unallocated disk space. I don't think linux is the do-all and end-all for computing, but I absolutely will not use Windows when I need to know what is going on beneath the skirts of the OS. And since I've been doing a lot of NTFS data recovery using linux recently, that was what popped into my mind when I read the original post. After I'd written my linux piece I realized that this person probably didn't care whether his NTFS system got tagged by another Windows OS or not, so I added the bit about strapping it to another Windows box.
-----Original Message----- From: Raoul Armfield [mailto:[EMAIL PROTECTED] Sent: Thursday, June 19, 2003 9:32 AM To: [EMAIL PROTECTED] Subject: RE: Digital Evidence Question - What is an effective Windows hard -disk search tool? :-----Original Message----- :From: Gene LeDuc [mailto:[EMAIL PROTECTED] :Sent: Wednesday, June 18, 2003 6:20 PM :To: 'Wilcox, Stephen' :Cc: [EMAIL PROTECTED] :Subject: RE: Digital Evidence Question - What is an effective :Windows hard -disk search tool? : : :If all you want to do is recover the info, you can attach the :hard drive to :a linux box and mount the NTFS partition. From that point you :can browse :the NTFS file system and copy any files you want. Depending :on the flavor :and version of linux, you may have to load an NTFS driver; I believe :sourceforge has a read-only driver. If you don't have a linux :box hanging :around then I suppose you could also attach the drive to :another MS box and :access it natively. Let me start by saying I have learned a lot from this list. However, my question now is, why do so many of you try to solve everything using linux. I realize that linux is an excellent OS and a true NOS however, in this case isn't that like going to points C and D to get from A to B? Like Chris Berry said and Gene LeDuc conceded, simply drop it into a Win2K box as a slave and copy the files. Worse come to worse you take ownership of the files in question (you do have admin rights on a Win2K box right?) Sometimes we get lost in the simplicity of the answer. No need to load NTFS drivers in linux. Raoul --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ----------------------------------------------------------------------------
