±Your Account
Membership:
New Today: 0
New Yesterday: 5
Overall: 24166
Visitors: 156±Latest Webinar
±Latest Articles
· Geo-tagging & Photo Tracking On iOS
· KS – an open source bash script for indexing data
· Mobile Device Geotags & Armed Forces
· Categorization of embedded system forensic collection methodologies
· Interpretation of NTFS Timestamps
· What are ‘gdocs’? Google Drive Data – part 2
· What are ‘gdocs’? Google Drive Data
· Bad Sector Recovery
· Forensic Artifact: Malware Analysis in Windows 8
· Windows 8: Important Considerations for Computer Forensics and Electronic Discovery
· KS – an open source bash script for indexing data
· Mobile Device Geotags & Armed Forces
· Categorization of embedded system forensic collection methodologies
· Interpretation of NTFS Timestamps
· What are ‘gdocs’? Google Drive Data – part 2
· What are ‘gdocs’? Google Drive Data
· Bad Sector Recovery
· Forensic Artifact: Malware Analysis in Windows 8
· Windows 8: Important Considerations for Computer Forensics and Electronic Discovery
±Follow Us
±Latest Jobs
Back to top
Skip to content
Skip to menu
Back to top
Back to main
Skip to menu
Go to page 1, 2 Next
Er, yes, but that was what I was looking for.
From your answer I presume that you know the full format of the tape headers and the session headers, it would be most useful if you would share your knowledge with the rest of us.
_________________
Forensic Computer Services
Lotus Notes eDiscovery and Forensics
Tape eDiscovery and Forensics
Sorry Ron - I was probably just pointing out the obvious.
I'm sorry to say that I haven't done any work with Arcserve in years and that was as a sysadmin - so I can't help with the full format. Just had fun in the distant past with corrupt headers etc.
Arcserve
Arcserve
Posted: Thu Jun 18, 2009 11:35 am
Hi
Does anyone know the format of the arcserve tape header? In particular I am looking for the creation date.
Thanks
Ron
_________________
Forensic Computer Services
Lotus Notes eDiscovery and Forensics
Tape eDiscovery and Forensics
Does anyone know the format of the arcserve tape header? In particular I am looking for the creation date.
Thanks
Ron
_________________
Forensic Computer Services
Lotus Notes eDiscovery and Forensics
Tape eDiscovery and Forensics
-
roncufley - Senior Member
Re: Arcserve
Posted: Fri Jun 19, 2009 5:30 am
Just in case anyone is interested I now know the answer: starting at offset (decimal) 365 in the header is a date time string in C format.
_________________
Forensic Computer Services
Lotus Notes eDiscovery and Forensics
Tape eDiscovery and Forensics
_________________
Forensic Computer Services
Lotus Notes eDiscovery and Forensics
Tape eDiscovery and Forensics
-
roncufley - Senior Member
Re: Arcserve
Posted: Fri Jun 19, 2009 5:57 am
Thanks Ron, useful if someone's searching the forums in future - appreciate you taking the time.
Jamie
Jamie
-
jamie - Site Admin
Re: Arcserve
Posted: Fri Jun 19, 2009 6:28 am
Keep in mind that this will only give you the Tape Header - there can be multiple sessions within the tape.
-
IanF - Senior Member
Re: Arcserve
Posted: Sun Jun 21, 2009 3:56 am
- IanFKeep in mind that this will only give you the Tape Header
Er, yes, but that was what I was looking for.
From your answer I presume that you know the full format of the tape headers and the session headers, it would be most useful if you would share your knowledge with the rest of us.
_________________
Forensic Computer Services
Lotus Notes eDiscovery and Forensics
Tape eDiscovery and Forensics
-
roncufley - Senior Member
Re: Arcserve
Posted: Mon Jun 22, 2009 2:33 am
I see you have your answer.
You should have fun with ARCserve especially when you get to embedded SIDF data streams (System Idependent Data Format - otherwise known as Sanity Independent Data Format). ARCserve was my biggest headache when dealing with tapes - the format changes subtly between versions.
_________________
Paul Sanderson
Reconnoitre, VSC processing made easy - www.sandersonforensics...oitre.html
www.twitter.com/sandersonforens
You should have fun with ARCserve especially when you get to embedded SIDF data streams (System Idependent Data Format - otherwise known as Sanity Independent Data Format). ARCserve was my biggest headache when dealing with tapes - the format changes subtly between versions.
_________________
Paul Sanderson
Reconnoitre, VSC processing made easy - www.sandersonforensics...oitre.html
www.twitter.com/sandersonforens
-
PaulSanderson - Senior Member
Re: Arcserve
Posted: Mon Jun 22, 2009 6:07 am
- roncufley
Er, yes, but that was what I was looking for.
From your answer I presume that you know the full format of the tape headers and the session headers, it would be most useful if you would share your knowledge with the rest of us.
Sorry Ron - I was probably just pointing out the obvious.
I'm sorry to say that I haven't done any work with Arcserve in years and that was as a sysadmin - so I can't help with the full format. Just had fun in the distant past with corrupt headers etc.
-
IanF - Senior Member