Andy,
Indeed, but this is a separate copy specifically created for testing FTK and a disk spidering tool we have written. I have my forensically sound image stored elsewhere currently.
Thanks again.
Understood…… Just out of interest, what does your spidering tool do?
Andy
It's a server-client tool that we use to search for sensitive data on web servers and sql servers. written in perl, it attempts some sql injection to see what it can find on a public server. However, it functions on a mounted disk image.
We use helix almost exclusively, so we mount the dd image on the loopback, and scour the disk with the spider tool. It matches based on regexes, and spits out 1k surrounding the match in to a logfile.
Hogfly
Sounds interesting are you planning to release the tool?
Nick
nick,
it's something that would have to be discussed internally, but I don't see why anyone here wouldn't want to release it.
I would certainly like a copy of the tool and proceedure if that becomes possible.
Nick
I would certainly like a copy of the tool and proceedure if that becomes possible.
Nick
hi,
the imager is a free download from accessdata.com and does not require the hardware token to run.. it is only required for the access data analysis suites such as prtk and ftk etc.
flytnx,
Yeah I use FTK imager all the time I was referring to the spidering tool that hogfly was describing.
Thanks anyway.
Nick