Hello, we found out that many sectors changed on disk-space without a filesystem! (High-level troyaner or hidden volume?)
Therefore we made several point over time(dd-images) of the whole disk and hoped to be able to analyse the changes later on with commercial forensic software. But unfortunately this seems not to be possible with any of the public available forensic softwares :-) Questions: 1. Is OSSEC able to detect sector changes on disk-space without a filesystem? 2. If not yet, how many hours would be required to write such a feature? Thank you very much in advance for any feedback! Peter -- GMX FreeMail: 1 GB Postfach, 5 E-Mail-Adressen, 10 Free SMS. Alle Infos und kostenlose Anmeldung: http://www.gmx.net/de/go/freemail
