Security Basics
mailing list archives
RE: Initial Machine login - Computer Forensics 101
From: "David Gillett" <gillettdavid () fhda edu>
Date: Mon, 4 Feb 2008 09:23:36 -0800
Making the copy is the FIRST approach. In fact, make TWO copies --
one to save, and one to analyze. Hubby may want his laptop back, and
it doesn't sound like you have any legal basis to hold onto it.

There are tools that will let you set the Administrator password and
log in. But that immediately opens the question of what things on
the drive are the result of hubby's actions, and which of YOURS. If
there's any chance of someone wanting your findings to be given as
courtroom evidence, you don't want that to be in question.

Ideally, you want to be able to give the opposing legal team their
own copy of the drive image as you received it, so they can have their
own analysis done. (Hopefully, they'll come up with near enough the
same results you did that the matter won't have to go to trial.)

David Gillett
-----Original Message-----
From: listbounce () securityfocus com
[mailto:listbounce () securityfocus com] On Behalf Of Michael Condon
Sent: Saturday, February 02, 2008 8:15 PM
To: security-basics () securityfocus com
Subject: Initial Machine login - Computer Forensics 101
Here is a Computer Forensics 101 question.

Suppose a distraught woman comes to me with her husband's
laptop and wants me to search it for information about a
suspected marital indiscretion.

1. Assuming it is an XP/Vista machine, how can I log in as
administrator?
2. Is the second approach to make a bitstream copy of the hard
drive using an external USB hard drive enclosure and proceed that way?
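
The two-copy approach from the reply above, as an added example that is not part of the original thread: it records a hash of the image at acquisition, then checks that the saved copy and the analysis copy still match it, which is what lets you show the image is "as you received it". Using SHA-256 for this is an assumption added here (the thread names no tool or method); the file names are hypothetical and the "drive" is constructed random data.

```python
import hashlib
import os
import shutil
import tempfile

CHUNK = 1024 * 1024  # read images in 1 MiB pieces so large drives fit in memory


def sha256_file(path):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def verify_copies(acquisition_hash, copies):
    """Map each copy's path to True if it still matches the acquisition hash."""
    return {path: sha256_file(path) == acquisition_hash for path in copies}


def demo():
    """Constructed scenario: image a stand-in 'drive', copy twice, alter one copy."""
    workdir = tempfile.mkdtemp()
    try:
        original = os.path.join(workdir, "drive.img")   # hypothetical file names
        master = os.path.join(workdir, "master.img")    # the copy to save
        working = os.path.join(workdir, "working.img")  # the copy to analyze
        with open(original, "wb") as f:
            f.write(os.urandom(3 * CHUNK + 517))        # constructed sample data
        acquisition_hash = sha256_file(original)        # record at acquisition time
        shutil.copyfile(original, master)
        shutil.copyfile(original, working)
        before = verify_copies(acquisition_hash, [master, working])
        # Simulate analysis that writes to the working copy (one changed byte).
        with open(working, "r+b") as f:
            f.seek(2 * CHUNK)
            byte = f.read(1)
            f.seek(2 * CHUNK)
            f.write(bytes([byte[0] ^ 0xFF]))
        after = verify_copies(acquisition_hash, [master, working])
        return before, after, master, working
    finally:
        shutil.rmtree(workdir)


if __name__ == "__main__":
    print(demo())
```

A single changed byte in the analysis copy makes its hash differ, while the untouched saved copy still verifies against the acquisition hash.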