linux_forensics at Yahoo! Groups

linux_forensics at Yahoo! Groups http://tech.groups.yahoo.com/group/linux_forensics/ linux_forensics Caine 1.5 - Codename "Shining" Wed, 18 Nov 2009 12:38:17 GMT Nanni Bassetti http://tech.groups.yahoo.com/group/linux_forensics/message/3159 http://tech.groups.yahoo.com/group/linux_forensics/message/3159 Caine 1.5 is online! http://www.caine-live.net/ The Changelog is in home page. New tools, new manual, new web site, new graphics, new kernel. Thanks :-) ... Urgent Reply requested and guidline needed Sun, 15 Nov 2009 11:18:05 GMT santoshmtl http://tech.groups.yahoo.com/group/linux_forensics/message/3158 http://tech.groups.yahoo.com/group/linux_forensics/message/3158 Hello Friends, I am really new to Forensic field. I am doing Master of Engineering in Information Systems Security. I like this IT Security Field. Since, I am Caine 1.0 is online! Thu, 29 Oct 2009 23:54:47 GMT Nanni Bassetti http://tech.groups.yahoo.com/group/linux_forensics/message/3157 http://tech.groups.yahoo.com/group/linux_forensics/message/3157 Today was born Caine 1.0, new tools, new mounting policies (safer), new patch....enjoy it! http://www.caine-live.net/ bye ... Dott. Nanni Bassetti Consulente ssdeep hashset Mon, 19 Oct 2009 21:07:20 GMT Tony Rodrigues http://tech.groups.yahoo.com/group/linux_forensics/message/3156 http://tech.groups.yahoo.com/group/linux_forensics/message/3156 Hi, folks ! What ssdeep hashset do you use to sort/filter a forensic image ? NSRL doesn't have it, yeah ? []s -- Tony Rodrigues, CISSP, CFCP Forense Re: MS Office meta data Mon, 12 Oct 2009 01:14:41 GMT Simson Garfinkel http://tech.groups.yahoo.com/group/linux_forensics/message/3155 http://tech.groups.yahoo.com/group/linux_forensics/message/3155 I use libextractor for traditional MS Office files and custom-written tools for the XML-based file formats. You may also find this interesting: Garfinkel, S., Re: MS Office meta data Thu, 08 Oct 2009 23:49:19 GMT Bob Kardell http://tech.groups.yahoo.com/group/linux_forensics/message/3154 http://tech.groups.yahoo.com/group/linux_forensics/message/3154 If you are into Perl programing, look at Harlan Carvey's Perl mod File::MSWord and see: http://windowsir.blogspot.com/2006/09/metadata-and-ediscovery.html you Re: MS Office meta data Thu, 08 Oct 2009 23:24:58 GMT Jeff Bryner http://tech.groups.yahoo.com/group/linux_forensics/message/3153 http://tech.groups.yahoo.com/group/linux_forensics/message/3153 linkblast: https://blogs.sans.org/computer-forensics/2009/07/10/office-2007-metadata/ http://blog.kiddaland.net/dw/cat_open_xml.pl Re: MS Office meta data Thu, 08 Oct 2009 21:10:49 GMT Lehr, John http://tech.groups.yahoo.com/group/linux_forensics/message/3152 http://tech.groups.yahoo.com/group/linux_forensics/message/3152 Take a look here for several ideas: http://viaforensics.com/computer-forensic-howtos/howto-extract-metadata- microsoft-word-linux.html Re: MS Office meta data Thu, 08 Oct 2009 21:03:17 GMT sean.mclinden http://tech.groups.yahoo.com/group/linux_forensics/message/3151 http://tech.groups.yahoo.com/group/linux_forensics/message/3151 Payne Consulting's Metadata Assistant for versions of Office prior to 2007. Make sure that you have Office 2003 installed not Office 2007 and don't convert MS Office meta data Thu, 08 Oct 2009 20:36:50 GMT Donald Raikes http://tech.groups.yahoo.com/group/linux_forensics/message/3150 http://tech.groups.yahoo.com/group/linux_forensics/message/3150 Hi all, Please forgive the cross-posting. I am trying to find any information on MS office metadata, and how to extract it. Is there a spec available for SFDumper 2.1 Tue, 06 Oct 2009 09:32:06 GMT Nanni Bassetti http://tech.groups.yahoo.com/group/linux_forensics/message/3149 http://tech.groups.yahoo.com/group/linux_forensics/message/3149 We brought out the SFDumper 2.1, now finally all the problems on the file names and filtering by extension have been resolved. Try it: Re: Tampered data Sun, 04 Oct 2009 16:10:07 GMT nehal dattani http://tech.groups.yahoo.com/group/linux_forensics/message/3148 http://tech.groups.yahoo.com/group/linux_forensics/message/3148 Hi farmerdude I am looking for a feature in web server that is it possible to IDENTIFY about status of data. I mean that weather it is system/browser Re: cloning partitions Sun, 04 Oct 2009 01:28:45 GMT Jacques B. http://tech.groups.yahoo.com/group/linux_forensics/message/3147 http://tech.groups.yahoo.com/group/linux_forensics/message/3147 Although I normally don't top post, I suspect that is probably more practical in your case. Not sure if the accessibility software properly skips to the Re: cloning partitions Sun, 04 Oct 2009 01:06:34 GMT Donald Raikes http://tech.groups.yahoo.com/group/linux_forensics/message/3146 http://tech.groups.yahoo.com/group/linux_forensics/message/3146 Jacques, Thank you for the honest response and warnings. I realize there are some real issues with trying to hunt this down, however, since I have been Re: Tampered data Sat, 03 Oct 2009 23:05:32 GMT farmerdude http://tech.groups.yahoo.com/group/linux_forensics/message/3145 http://tech.groups.yahoo.com/group/linux_forensics/message/3145 Hi Nehal, Are you looking to identify if the Tamper Data plugin was installed on a system, or something else? Am not clear. Cheers! farmerdude