Wednesday, November 10, 2004

Harlan takes a pounding and keeps ticking

Harlan often comments here. (Hi Harlan!) A review of his book has been posted on Slashdot. To state the obvious, it received both good and bad responses from Slashdot. Mostly good.

Of course the usual obfuscators showed up within the first few comment posts. And the usual conspiracy freaks. According to one of them, you can recover files via a one-to-one bit copy even after the original has been overwritten ten times.

In an odd twist of timing, tonight's class worked with Helix to gather data from a running system. For those who don't know what it is, Helix is a Linux-based "live CD" that is also devoted to obtaining forensics data from live systems and making bit copies of storage devices. In addition to booting it as a "live CD", you can also drop the CD into the drive on a running Windows system. "Autorun" will bring up an interface with a set of statically-compiled tools which allow you to perform various forensics functions (see the site for more info).
