Hosting Provided By

RE: Diskedit

From: Curt Purdy <purdy(at)tecman.com>
Date: Tue Apr 22 2003 - 12:22:15 EDT

The last time I used it was to recover a critical file that I lost after being hit by the Chernobal CIH virus in April/99. As it reformatted by re-writing your fat table, I did an ascii search on a phrase in the doc, found all the clusters it used, wrote that in the fat table with appropriate offsets and had access to it. Had experience in the early 80's with hex editors to manually repair drives that were notoriously unreliable in the early days (spent $900 for my first 5mb hard drive & thought I would NEVER use all that space. Course if I used only *NIX that might still be enough ;)

Curt Purdy CISSP, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions

If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked.
-- White House cybersecurity adviser Richard Clarke

-----Original Message-----

From: Steve Hailey [mailto:shailey@edcc.edu] Sent: Thursday, April 17, 2003 8:02 PM
To: 'forensics@securityfocus.com'
Subject: Diskedit

I have several students in my Introduction to Computer Forensics class that would like additional material and exposure on using the old Norton Diskedit. I'd appreciate any information that my fellow examiners and/or instructors could provide, such as URL's or recommendations on books. We use the program to teach basics of how information is stored when using FAT, as well as how to use some of the basic features for forensic examinations. I'd also love to hear how any of you are using this old workhorse of a program. As well, any good tools out there for viewing the MFT under NTFS?

Steve Hailey
www.btc.edcc.edu <http://www.btc.edcc.edu>

This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com

This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com Received on Tue Apr 22 12:39:45 2003

This message: [ Message body ]
Next message: Christine Siedsma: "RE: Diskedit"
Previous message: Luis Gomez: "Re: Citrix"
In reply to: Steve Hailey: "Diskedit"
Reply: s.cappendell(at)aevwl.de: "RE: Waste, Fraud, Abuse"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:43 EDT