RE: RE: RE: windows 7 forensics

mailto:ncm...@gmail.com] Sent: Thursday, June 09, 2011 2:15 PM To: NT System Admin Issues Subject: Re: RE: RE: windows 7 forensics understand and agree. However, if the boss says, "do it anyway," what approach would you use? Jonathan A+, MCSA, MCSE Thumb-typed from my HTC Droid Incredible (a

Re: RE: RE: windows 7 forensics

>>I don't know if write blocking devices for USB flash drives exist on the market, but technologically there's no reason they couldn't. Yes, they do. http://www.siliconforensics.com/ps-135-2-read-only-write-protect-usb-media-card-reader.aspx *ASB *(Professional Bio

Re: RE: RE: windows 7 forensics

On Thu, Jun 9, 2011 at 8:43 PM, Jonathan wrote: >> ... avoid MS Windows, as it has a tendency to want to write to >> the disk ... Me, I'd boot a rescue Linux system ... devices that >> plug between the hard drive and the host adapter, and block all write >> commands ... > > Next question - what ab

RE: RE: RE: windows 7 forensics

bject: Re: RE: RE: windows 7 forensics forgot to include the link: http://www.ssddfj.org/papers/SSDDFJ_V1_1_Bem_Huebner.pdf Jonathan On Thu, Jun 9, 2011 at 8:43 PM, Jonathan mailto:ncm...@gmail.com>> wrote: Thanks again for the input. Next question - what about USB flash drive forensics

Re: RE: RE: windows 7 forensics

forgot to include the link: http://www.ssddfj.org/papers/SSDDFJ_V1_1_Bem_Huebner.pdf Jonathan On Thu, Jun 9, 2011 at 8:43 PM, Jonathan wrote: > Thanks again for the input. > > Next question - what about USB flash drive forensics? I briefly scanned the > first part of this article, albeit form

Re: RE: RE: windows 7 forensics

Thanks again for the input. Next question - what about USB flash drive forensics? I briefly scanned the first part of this article, albeit form 2007 Would what you describe below still be valid for a USB flash drive? Thanks, Jonathan On Thu, Jun 9, 2011 at 6:42 PM, Ben Scott wrote: > On

Re: RE: RE: windows 7 forensics

On Thu, Jun 9, 2011 at 2:15 PM, Jonathan wrote: > understand and agree.  However, if the boss says, "do it anyway," what > approach would you use? I would avoid MS Windows, as it has a tendency to want to write to the disk without asking. (Due to things like updating the MBR for various weird

Re: RE: RE: RE: windows 7 forensics

xcuse brevity and any misspellings. >> >> On Jun 9, 2011 2:37 PM, "John Cook" wrote: >> > Get it in writing for CYA. >> > >> > From: Jonathan [mailto:ncm...@gmail.com] >> > Sent: Thursday, June 09, 2011 2:15 PM >> > To: NT System Admin

RE: RE: RE: RE: windows 7 forensics

ty of the need to go beyond your initial examination. From: Jonathan [mailto:ncm...@gmail.com] Sent: Thursday, June 09, 2011 11:49 AM To: NT System Admin Issues Subject: Re: RE: RE: RE: windows 7 forensics Turns out we have a lawyer on the executive team. My instructions are to clone and go

Re: RE: RE: RE: windows 7 forensics

) on the > Verizon network. Please excuse brevity and any misspellings. > > On Jun 9, 2011 2:37 PM, "John Cook" wrote: > > Get it in writing for CYA. > > > > From: Jonathan [mailto:ncm...@gmail.com] > > Sent: Thursday, June 09, 2011 2:15 PM > > To:

Re: RE: RE: RE: windows 7 forensics

Cook" wrote: > Get it in writing for CYA. > > From: Jonathan [mailto:ncm...@gmail.com] > Sent: Thursday, June 09, 2011 2:15 PM > To: NT System Admin Issues > Subject: Re: RE: RE: windows 7 forensics > > > understand and agree. However, if the boss says, "

RE: RE: RE: windows 7 forensics

Get it in writing for CYA. From: Jonathan [mailto:ncm...@gmail.com] Sent: Thursday, June 09, 2011 2:15 PM To: NT System Admin Issues Subject: Re: RE: RE: windows 7 forensics understand and agree. However, if the boss says, "do it anyway," what approach would you use? Jonathan A+,

RE: RE: RE: windows 7 forensics

ailto:jonathan.l...@gmail.com] Sent: Thursday, June 09, 2011 2:24 PM To: NT System Admin Issues Subject: Re: RE: RE: windows 7 forensics I would beg him to contact a lawyer before proceeding. If that doesn't get anywhere, I'd ask for a signed letter indemnifying me of responsibility

RE: RE: RE: windows 7 forensics

Organization Email:ezi...@lifespan.org Cell:401-639-3505 From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Thursday, June 09, 2011 2:22 PM To: NT System Admin Issues Subject: RE: RE: RE: windows 7 forensics Boot it from a CD and image it then do your poking around. From

Re: RE: RE: windows 7 forensics

I would beg him to contact a lawyer before proceeding. If that doesn't get anywhere, I'd ask for a signed letter indemnifying me of responsibility should this proceed to litigation. First thing is to tell the boss that this is not a technical problem. It is a legal issue. A legal issue that requ

RE: RE: RE: windows 7 forensics

Boot it from a CD and image it then do your poking around. From: Jonathan [mailto:ncm...@gmail.com] Sent: Thursday, June 09, 2011 2:15 PM To: NT System Admin Issues Subject: Re: RE: RE: windows 7 forensics understand and agree. However, if the boss says, "do it anyway," what appro

Re: RE: RE: windows 7 forensics

understand and agree. However, if the boss says, "do it anyway," what approach would you use? Jonathan A+, MCSA, MCSE Thumb-typed from my HTC Droid Incredible (and yes, it really is) on the Verizon network. Please excuse brevity and any misspellings. On Jun 9, 2011 2:07 PM, "John Cook" wrote: