Forums
Main Category
General (Technical,...
PeerLab
 
Notifications
Clear all

PeerLab

 
Page 1 / 2
General (Technical, Procedural, Software, Hardware etc.)
Last Post by a_kuiper 14 years ago
11 Posts
7 Users
0 Reactions
1,359 Views
RSS
Jamie
 Jamie
(@jamie)
Moderator
Joined: 5 years ago
Posts: 1288
02/08/2010 5:08 pm  

Please use this thread for discussion of the "PeerLab" review.


   
Quote
rjpear
 rjpear
(@rjpear)
Trusted Member
Joined: 19 years ago
Posts: 97
02/08/2010 5:56 pm  

One thing I would like this tool to do, Besides the examine the E01 file without mounting it.., would be able to point it at a folder I created, with a Mess of DAT' files etc, that I pulled from a drive (or an EnScript Tagged for me) and have it process whatever is in the folder..


   
ReplyQuote
 pengzy
(@pengzy)
New Member
Joined: 16 years ago
Posts: 2
02/08/2010 6:35 pm  

Just a query, does anyone know how does this compare to another P2P examination software, P2P Marshal?


   
ReplyQuote
 a_kuiper
(@a_kuiper)
Trusted Member
Joined: 16 years ago
Posts: 69
02/08/2010 10:00 pm  

@rjpear You can scan individual folders and process the found files in the wizard but batch-processing is only implemented for Google Hello. Mostly there are only 1 or 2 files of interest (known.met, library5.dat, library.dat…) which IMHO do not require such an option. Can be implemented in future versions if needed ).


   
ReplyQuote
azrael
 azrael
(@azrael)
Honorable Member
Joined: 19 years ago
Posts: 656
03/08/2010 2:48 pm  

Jonathan ! How could you ! 😉

"I inserted the CD and nothing; no auto-start routine which I think may suit some people."

As a control, I would expect that auto-run would be disabled on any machine that needed to be secure, forensic examination machines too !

See http//news.cnet.com/8301-13554_3-10027754-33.html for interest and Google "auto-run disable" for how to do it …

Si


   
ReplyQuote
 Jonathan
(@jonathan)
Prominent Member
Joined: 20 years ago
Posts: 878
03/08/2010 4:34 pm  

Apologies, I wasn't very clear there. I meant that there's no AutoPlay dialogue box presenting options of what the user wants to do with the inserted media.

By default on Windows 7 (which I tested PeerLab on), and now also XP and Vista via Windows Updates, AutoRun is not an option in the AutoPlay dialogue for devices that are not removable optical media, such as the USB devices mentioned in the CNET link you posted. MSDN post on AutoPlay


   
ReplyQuote
 ronanmagee
(@ronanmagee)
Estimable Member
Joined: 20 years ago
Posts: 145
04/08/2010 2:24 am  

… AutoRun is not an option in the AutoPlay dialogue for devices that are not removable optical media …

You may want to read this post over at f-secure


   
ReplyQuote
 Jonathan
(@jonathan)
Prominent Member
Joined: 20 years ago
Posts: 878
04/08/2010 3:03 am  

… AutoRun is not an option in the AutoPlay dialogue for devices that are not removable optical media …

You may want to read this post over at f-secure

That's since been addressed as f-secure acknowledge "It's quite evident that the folks at Microsoft are working very diligently on this issue. Our concerns have been addressed and the advisory no longer lists Windows 7 AutoPlay as a mitigation. We thank them for this clarification." http//www.f-secure.com/weblog/archives/00001994.html Do keep up! wink

Anyway, we're getting slightly off-track here. I'd like to think forensic specialists are mostly able to be trusted with their own equipment, know the consequences of their actions on a PC and know how to mitigate malware risks.


   
ReplyQuote
 a_kuiper
(@a_kuiper)
Trusted Member
Joined: 16 years ago
Posts: 69
13/08/2010 11:34 pm  

PeerLab v1.04 out now!

Version-history
http//www.kuiper.de/index.php?option=com_content&view=article&id=64&Itemid=67&lang=en


   
ReplyQuote
 a_kuiper
(@a_kuiper)
Trusted Member
Joined: 16 years ago
Posts: 69
23/11/2010 2:24 am  

PeerLab v1.10 out now!

Evaluate ICQ and GigaTribe! Export to Excel (.xls)! …

Version-history @ http//bit.ly/9bhqM4


   
ReplyQuote
Page 1 / 2
Forum Jump:
  Previous Topic
Next Topic  
Share: