[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[port139:01514] Re: FYI: Forensic $B$H$O2?$+(B

To: port139@xxxxxxxxxxxxxxxxxxxxx
Subject: [port139:01514] Re: FYI: Forensic $B$H$O2?$+(B
From: Tanaka Souji <souta3@xxxxxxxxxxxxxx>
Date: Tue, 8 Oct 2002 21:29:16 +0900

(BOn Tue, 08 Oct 2002 11:34:37 +0900
(BKensuke Nezu <nez@xxxxxxxxxxx> wrote:
(B
(B> > forensic acquisition utilities $B$N(B dd.exe $B$OF~NO$H$7$F%a%b%j(B
(B> > (PhysicalMemory)$B$r;XDj$G$-$^$9$,!"(BUNIX $B$N(B dd $B$G$bF1MM$N;XDj(B
(B> > $B$,$G$-$^$9$G$7$g$&$+(B?
(B> > 
(B> > dd.exe if=\\.\PhysicalMemory of=d:\images\PhysicalMemory.img
(B> 
(B> $B$I$N%(%j%"$re$N(B
$B%G!<%?$,JQ2=$9$k$H;W$$$^$9$N$G!V40A4!W$J$b$N$OFq$7$$$d$K;W(B
$B$$$^$9$k(B.
(B
$B2<5-(B URL $B$K$"$j$^$9;qNA$G$b(B / dev/kmem, /dev/mem $B$r(B dd $B$K(B
$B$Fhttp://personal.ie.cuhk.edu.hk/~shlam/ssem/for/
(B
$B%@%s%W$7$?%a%b%j%$%a!<%8$r$I$N$h$&$K2r@O$9$k$+(B?$B$H$$$&LdBj(B
$B$b$"$k$d$K46$8$^$9$k$,(B...
(B
(B-- 
$BAF$K$7$FLn$K$7$FH\(B
(BTanaka Souji
(Bsouta3@xxxxxxxxxxxxxx

References:
- [port139:01509] FYI: Forensic $B$H$O(B$B2?$+(B
  - From: Tanaka Souji
- [port139:01511] Re: FYI: Forensic $B$H(B$B$O2?$+(B
  - From: Kensuke Nezu

Prev by Date: [port139:01513] Re: FYI: Forensic $B$H(B$B$O(B$B2?$+(B
Next by Date: [port139:01515] Re: FAT Filesystem
Previous by thread: [port139:01513] Re: FYI: Forensic $B$H(B$B$O(B$B2?$+(B
Next by thread: [port139:01517] FYI: TASK 1.52&Autppsy 1.62
Index(es):
- Date
- Thread

[port139:01514] Re: FYI: Forensic $B$H$O2?$+(B

[port139:01514] Re: FYI: Forensic $B$H$O2?$+(B