mailing list archives
RE: tools used to examine a computer
From: H C <keydet89 () yahoo com>
Date: Tue, 18 Feb 2003 10:02:03 -0800 (PST)
Also on the point of copying files over the network
first, correct me if
I'm wrong but that damages the chain of evidence.
Now so? If one collects the necessary info (ie, MAC
times, NTFS ADSs, permissions, full path, etc), hashes
the file (MD5 and/or SHA-1), and then copies the file
over the network using something like 'dd' or type,
and netcat/cryptcat, how is the chain of evidence
broken? Especially if it's documented?
Have a look at the
link below, goes about it a bit long winded but
essentially shows how to
clone a hard drive over a network connection. This
can be done with
Windows machines as DD and Netcat can be run from
floppy on a Windows machine.
I'm not sure what you're getting at...first you make a
reference to breaking the chain of evidence by copying
a file, but then you talk about cloning an os over the
network using dd and netcat. Wouldn't doing so also
break your chain of evidence, if your reasoning is to
Do you Yahoo!?
Yahoo! Shopping - Send Flowers for Valentine's Day