Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Light forensics
From: "H. Kurth Bemis" <kurth () kurthbemis com>
Date: Mon, 11 Jan 2010 13:14:00 -0500

I'll second GetDataBack (Fat and NTFS).  If memory serves, the cost of
the software was relatively inexpensive.  I think around 50 USD.  Well
worth it IMHO.

~k

On Thu, 2010-01-07 at 01:37 -0600, Adrian Puente Z. wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Eduardo Sierra wrote:
Hi,

We had a security incident, and i'm doing a "light" forensics.

Is there a log you can check to see IP Address Changes in a Windows XP Box?
Well logging in Windows XP is really lame, in my little experience with
Windows Incidents the Event Viewer shows you all the logs the system
uses. Maybe I am wrong but I believe that maybe the Windows Registry
keeps something.

Any good free tool to undelete files?
Free Apps in windows systems y really rare. But I recommend GetdataBack
http://www.runtime.org/data-recovery-software.htm

It always have worked for me, I haven't found any good NTFS free
recovery tool.

Many thanks,

Eduardo Sierra

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB 
CPT and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAktFjzIACgkQW2tF/eN2yfYPAgCcC81XoSwgemuRzdElVNWWL3on
0MMAnAnqlVZgSVSpjVVUNLr8AQsQ6d4H
=0/o2
-----END PGP SIGNATURE-----

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------




------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault