Just so every one knows there is going to be a SMART
for Linux class being held in Las Vegas the week of
January 12-15. You can contact ASR Data for prices
and/or contact me for the location details.

Detective Larry Smith
Las Vegas Metro PD Computer Forensics
Cyber Crimes Detail
702-812-0178
larry@...

__________________________________
Do you Yahoo!?
Free Pop-Up Blocker - Get it now
http://companion.yahoo.com/

At this class you can meet the world-famous Cory Altheide, live, in person.
I will be available for autographs after the class.

PS - You can also learn a lot about SMART.

Cory Altheide
Computer Forensics Specialist
NNSA Information Assurance Response Center (IARC)
altheidec@...


> -----Original Message-----
> From: Larry S [mailto:lasvegascop@...]
> Sent: Monday, December 01, 2003 11:02 AM
> To: linux_forensics@yahoogroups.com
> Subject: [linux_forensics] SMART Class
>
>
> Just so every one knows there is going to be a SMART
> for Linux class being held in Las Vegas the week of
> January 12-15. You can contact ASR Data for prices
> and/or contact me for the location details.
>
> Detective Larry Smith
> Las Vegas Metro PD Computer Forensics
> Cyber Crimes Detail
> 702-812-0178
> larry@...

I am also very interested in this.  Specifically, how to tie activity
detected by Driftnet to specific IPs on the network.  Any info on
this would be helpful...

- Paul Alvarez

--- In linux_forensics@yahoogroups.com, "IanC" <saladin@a...> wrote:
> > -----Original Message-----
> > From: Horner, Jonathan J (JH8) [mailto:hornerj@y...]
> >
> > Has anyone created any procedures or best practices for
cataloguing and
> > verifying the electronic evidence generated in the information
discovery
> > part of a waste, fraud, and abuse investigation?
> >
> > We currently watch for porn surfers and run a driftnet process on
> > our heavy
> > offenders.  I'm looking for a way to procedurize this process, as
well as
> > add some md5sum'ing to the process so that our electronic
evidence will be
> > admissible should this ever go further than an HR hearing.
> >
> > Ideas?
> >
> > Thanks,
> >
> >
> > J. J. Horner (Jon)
>
>
> I honestly don't know what the fook your talking about!
> But it does sound good to me  :-)
>
> Are you talking about ISP monitoring - or Web Activity - Profiling -
  or the
> Forensic Examination of drive(s) - or trying to combine them
somehow, all
> together into one database of suspect info?
>
> If that's the case that will be awesome - if not,,, I am still
really
> interested in getting this thread moving.
>
>
>
> Best Regards - Ian
> - - - - - - - - - - - - - - - - - -
> Data Recovery/Computer Forensics
> Specialist WWW & Email Investigations
> http://www.PI-Supply.com
> - - - - - - - - - - - - - - - - - -
> Director & Team Member of MissingKIN
> "Dedicated to finding missing and abducted children"
> http://www.MissingKIN.com
> - - - - - - - - - - - - - - - - - -
> "The strongest oak tree of the forest is not the one that is
protected from
> the storm and hidden from the sun. It's the one that stands in the
open
> where it is compelled to struggle for its existence against the
winds and
> rains and the scorching sun."

Don't forget the spiffy T-shirts...

--- "Altheide, Cory B." <AltheideC@...> wrote:
> At this class you can meet the world-famous Cory
> Altheide, live, in person.
> I will be available for autographs after the class.
>
> PS - You can also learn a lot about SMART.
>
> Cory Altheide
> Computer Forensics Specialist
> NNSA Information Assurance Response Center (IARC)
> altheidec@...
>
>
> > -----Original Message-----
> > From: Larry S [mailto:lasvegascop@...]
> > Sent: Monday, December 01, 2003 11:02 AM
> > To: linux_forensics@yahoogroups.com
> > Subject: [linux_forensics] SMART Class
> >
> >
> > Just so every one knows there is going to be a
> SMART
> > for Linux class being held in Las Vegas the week
> of
> > January 12-15. You can contact ASR Data for prices
> > and/or contact me for the location details.
> >
> > Detective Larry Smith
> > Las Vegas Metro PD Computer Forensics
> > Cyber Crimes Detail
> > 702-812-0178
> > larry@...


=====
Regards -

Andrew Rosen
ASR Data Acquisition & Analysis, LLC - Austin, Texas

__________________________________
Do you Yahoo!?
Protect your identity with Yahoo! Mail AddressGuard
http://antispam.yahoo.com/whatsnewfree

t-shirts? we get t-shirts this time? very cool.. i
aint sayin nuthin cuz I want a few...lolol




__________________________________
Do you Yahoo!?
Free Pop-Up Blocker - Get it now
http://companion.yahoo.com/

"Spiffy" hmm,  that's a very English word,  perhaps you need an
injection of some Welsh culture :-)

On Tue, 2003-12-02 at 21:22, Andrew Rosen wrote:
> Don't forget the spiffy T-shirts...
>
> --- "Altheide, Cory B." <AltheideC@...> wrote:
> > At this class you can meet the world-famous Cory
> > Altheide, live, in person.
> > I will be available for autographs after the class.
> >
> > PS - You can also learn a lot about SMART.
> >
> > Cory Altheide
> > Computer Forensics Specialist
> > NNSA Information Assurance Response Center (IARC)
> > altheidec@...
> >
> >
> > > -----Original Message-----
> > > From: Larry S [mailto:lasvegascop@...]
> > > Sent: Monday, December 01, 2003 11:02 AM
> > > To: linux_forensics@yahoogroups.com
> > > Subject: [linux_forensics] SMART Class
> > >
> > >
> > > Just so every one knows there is going to be a
> > SMART
> > > for Linux class being held in Las Vegas the week
> > of
> > > January 12-15. You can contact ASR Data for prices
> > > and/or contact me for the location details.
> > >
> > > Detective Larry Smith
> > > Las Vegas Metro PD Computer Forensics
> > > Cyber Crimes Detail
> > > 702-812-0178
> > > larry@...
>
>
> =====
> Regards -
>
> Andrew Rosen
> ASR Data Acquisition & Analysis, LLC - Austin, Texas
>
> __________________________________
> Do you Yahoo!?
> Protect your identity with Yahoo! Mail AddressGuard
> http://antispam.yahoo.com/whatsnewfree
>
>
> To unsubscribe from this group, send an email to:
> linux_forensics-unsubscribe@yahoogroups.com
>
>
>
> Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
>
>

That was "Spiffy" not "Stiffy".
No injections, please.
Among numerous enhancements to the course, we will be
showing how to run SMART from a Mac, a Windows box,
remotely, with no need to know how to
install/configure/administer a Linux system.

--- echo6 <echo6@...> wrote:
> "Spiffy" hmm,  that's a very English word,  perhaps
> you need an
> injection of some Welsh culture :-)
>

=====
Regards -

Andrew Rosen
ASR Data Acquisition & Analysis, LLC - Austin, Texas

__________________________________
Do you Yahoo!?
Protect your identity with Yahoo! Mail AddressGuard
http://antispam.yahoo.com/whatsnewfree

How much is the course Andrew?



-----Original Message-----
From: Andrew Rosen [mailto:asrdata@...]
Sent: Friday, December 05, 2003 8:06 AM
To: linux_forensics@yahoogroups.com
Subject: RE: [linux_forensics] SMART Class


That was "Spiffy" not "Stiffy".
No injections, please.
Among numerous enhancements to the course, we will be
showing how to run SMART from a Mac, a Windows box,
remotely, with no need to know how to install/configure/administer a
Linux system.

--- echo6 <echo6@...> wrote:
> "Spiffy" hmm,  that's a very English word,  perhaps
> you need an
> injection of some Welsh culture :-)
>

=====
Regards -

Andrew Rosen
ASR Data Acquisition & Analysis, LLC - Austin, Texas

__________________________________
Do you Yahoo!?
Protect your identity with Yahoo! Mail AddressGuard
http://antispam.yahoo.com/whatsnewfree


To unsubscribe from this group, send an email to:
linux_forensics-unsubscribe@yahoogroups.com



Your use of Yahoo! Groups is subject to
http://docs.yahoo.com/info/terms/

Thank you for asking Flint -

The course is 4 days - Monday, January 12 through
Thursday, January 15, 2004.  The course is being
hosted by the Las Vegas Metropolitan Police Department
- Secret Service Task Force - High Tech Crimes Unit.

Just as with all our other training, the facilities
are top notch as well (SkillRamp of Las Vegas).  The
course will be presented by myself and Thomas Rude
(aka Farmerdude).

Law Enforcement Officers who do not yet have a copy of
SMART and have not yet attended ASR Data's
Intermediate course are $2,000 and Non sworn are
$3,000.  This includes a licensed copy of SMART, the
courseware and materials and 4 days of top notch
training.

Licensed users of SMART will receive a full credit
applied towards their tuition.

This class will be the first to see exciting new
features and concepts that bring "enterprise"
functionality to individual examiners, workgroups and
task forces, providing advanced capabilities not
available in any other integrated solution.

Class capacity is limited to 24 students.  Last I
heard, there were still 5 or 6 seats left, available
on a first come, first served basis.

Happy Holidays -

Andrew Rosen
ASR Data



--- Flint Waters <Flint@...> wrote:
> How much is the course Andrew?
>


=====
Regards -

Andrew Rosen
ASR Data Acquisition & Analysis, LLC - Austin, Texas

__________________________________
Do you Yahoo!?
Protect your identity with Yahoo! Mail AddressGuard
http://antispam.yahoo.com/whatsnewfree

Are they any other dates, locations, etc besides Las Vegas? Anything in
Upstate NY?!!

Thanks,

Dan


-----Original Message-----
From: Andrew Rosen
To: linux_forensics@yahoogroups.com
Sent: 12/7/2003 5:14 PM
Subject: RE: [linux_forensics] SMART Class

Thank you for asking Flint -

The course is 4 days - Monday, January 12 through
Thursday, January 15, 2004.  The course is being
hosted by the Las Vegas Metropolitan Police Department
- Secret Service Task Force - High Tech Crimes Unit.

Just as with all our other training, the facilities
are top notch as well (SkillRamp of Las Vegas).  The
course will be presented by myself and Thomas Rude
(aka Farmerdude).

Law Enforcement Officers who do not yet have a copy of
SMART and have not yet attended ASR Data's
Intermediate course are $2,000 and Non sworn are
$3,000.  This includes a licensed copy of SMART, the
courseware and materials and 4 days of top notch
training.

Licensed users of SMART will receive a full credit
applied towards their tuition.

This class will be the first to see exciting new
features and concepts that bring "enterprise"
functionality to individual examiners, workgroups and
task forces, providing advanced capabilities not
available in any other integrated solution.

Class capacity is limited to 24 students.  Last I
heard, there were still 5 or 6 seats left, available
on a first come, first served basis.

Happy Holidays -

Andrew Rosen
ASR Data



--- Flint Waters <Flint@...> wrote:
> How much is the course Andrew?
>


=====
Regards -

Andrew Rosen
ASR Data Acquisition & Analysis, LLC - Austin, Texas

__________________________________
Do you Yahoo!?
Protect your identity with Yahoo! Mail AddressGuard
http://antispam.yahoo.com/whatsnewfree
<http://antispam.yahoo.com/whatsnewfree>


Yahoo! Groups Sponsor

<http://rd.yahoo.com/SIG=12cu818cg/M=259395.3614674.4902533.1261774/D=eg
roupweb/S=1705713164:HM/EXP=1070921699/A=1524963/R=0/*http://hits.411web
.com/cgi-bin/autoredir?camp=556&lineid=3614674?=egroupweb&pos=HM>


<http://us.adserver.yahoo.com/l?M=259395.3614674.4902533.1261774/D=egrou
pmail/S=:HM/A=1524963/rand=562421977>

To unsubscribe from this group, send an email to:
linux_forensics-unsubscribe@yahoogroups.com



Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service
<http://docs.yahoo.com/info/terms/> .

I would love to go.  I have been reading about Smart and how it works.  I t
sound great.

Christopher D. Bell

Andrew Rosen <asrdata@...> wrote:
Thank you for asking Flint -

The course is 4 days - Monday, January 12 through
Thursday, January 15, 2004.  The course is being
hosted by the Las Vegas Metropolitan Police Department
- Secret Service Task Force - High Tech Crimes Unit.

Just as with all our other training, the facilities
are top notch as well (SkillRamp of Las Vegas).  The
course will be presented by myself and Thomas Rude
(aka Farmerdude).

Law Enforcement Officers who do not yet have a copy of
SMART and have not yet attended ASR Data's
Intermediate course are $2,000 and Non sworn are
$3,000.  This includes a licensed copy of SMART, the
courseware and materials and 4 days of top notch
training.

Licensed users of SMART will receive a full credit
applied towards their tuition.

This class will be the first to see exciting new
features and concepts that bring "enterprise"
functionality to individual examiners, workgroups and
task forces, providing advanced capabilities not
available in any other integrated solution.

Class capacity is limited to 24 students.  Last I
heard, there were still 5 or 6 seats left, available
on a first come, first served basis.

Happy Holidays -

Andrew Rosen
ASR Data



--- Flint Waters <Flint@...> wrote:
> How much is the course Andrew?
>


=====
Regards -

Andrew Rosen
ASR Data Acquisition & Analysis, LLC - Austin, Texas

__________________________________
Do you Yahoo!?
Protect your identity with Yahoo! Mail AddressGuard
http://antispam.yahoo.com/whatsnewfree

Yahoo! Groups Sponsor
To unsubscribe from this group, send an email to:
linux_forensics-unsubscribe@yahoogroups.com



Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.


---------------------------------
Do you Yahoo!?
Free Pop-Up Blocker - Get it now

[Non-text portions of this message have been removed]

Hello Daniel -

ASR Data will be in New York at LinuxWorld
January 21 - 24, 2004.  Related info is at

http://www.linuxworldexpo.com/linuxworldny/V40/conference/session.cvn?eID=396

http://www.linuxworldexpo.com/linuxworldny/V40/conference/session.cvn?eID=329

We will be doing a training in Toronto, Canada later
in Q1 2004 as well.

Regards -

Andrew Rosen
ASR Data


--- Kalil Daniel Contr AFRL/IFGB
<daniel.kalil@...> wrote:
> Are they any other dates, locations, etc besides Las
> Vegas? Anything in
> Upstate NY?!!
>
> Thanks,
>
> Dan
>
>
> -----Original Message-----
> From: Andrew Rosen
> To: linux_forensics@yahoogroups.com
> Sent: 12/7/2003 5:14 PM
> Subject: RE: [linux_forensics] SMART Class
>
> Thank you for asking Flint -
>
> The course is 4 days - Monday, January 12 through
> Thursday, January 15, 2004.  The course is being
> hosted by the Las Vegas Metropolitan Police
> Department
> - Secret Service Task Force - High Tech Crimes Unit.
>
> Just as with all our other training, the facilities
> are top notch as well (SkillRamp of Las Vegas).  The
> course will be presented by myself and Thomas Rude
> (aka Farmerdude).
>
> Law Enforcement Officers who do not yet have a copy
> of
> SMART and have not yet attended ASR Data's
> Intermediate course are $2,000 and Non sworn are
> $3,000.  This includes a licensed copy of SMART, the
> courseware and materials and 4 days of top notch
> training.
>
> Licensed users of SMART will receive a full credit
> applied towards their tuition.
>
> This class will be the first to see exciting new
> features and concepts that bring "enterprise"
> functionality to individual examiners, workgroups
> and
> task forces, providing advanced capabilities not
> available in any other integrated solution.
>
> Class capacity is limited to 24 students.  Last I
> heard, there were still 5 or 6 seats left, available
> on a first come, first served basis.
>
> Happy Holidays -
>
> Andrew Rosen
> ASR Data
>
>
>
> --- Flint Waters <Flint@...> wrote:
> > How much is the course Andrew?
> >
>
>
> =====
> Regards -
>
> Andrew Rosen
> ASR Data Acquisition & Analysis, LLC - Austin, Texas
>
> __________________________________
> Do you Yahoo!?
> Protect your identity with Yahoo! Mail AddressGuard
> http://antispam.yahoo.com/whatsnewfree
> <http://antispam.yahoo.com/whatsnewfree>
>
>
> Yahoo! Groups Sponsor
>
>
<http://rd.yahoo.com/SIG=12cu818cg/M=259395.3614674.4902533.1261774/D=eg
>
roupweb/S=1705713164:HM/EXP=1070921699/A=1524963/R=0/*http://hits.411web
>
.com/cgi-bin/autoredir?camp=556&lineid=3614674?=egroupweb&pos=HM>
>
>
>
<http://us.adserver.yahoo.com/l?M=259395.3614674.4902533.1261774/D=egrou
> pmail/S=:HM/A=1524963/rand=562421977>
>
> To unsubscribe from this group, send an email to:
> linux_forensics-unsubscribe@yahoogroups.com
>
>
>
> Your use of Yahoo! Groups is subject to the Yahoo!
> Terms of Service
> <http://docs.yahoo.com/info/terms/> .
>
> ------------------------ Yahoo! Groups Sponsor
>
> To unsubscribe from this group, send an email to:
> linux_forensics-unsubscribe@yahoogroups.com
>
>
>
> Your use of Yahoo! Groups is subject to
> http://docs.yahoo.com/info/terms/
>
>


__________________________________
Do you Yahoo!?
Protect your identity with Yahoo! Mail AddressGuard
http://antispam.yahoo.com/whatsnewfree

Hi,

I need to analyse a Linux box that uses logical volumes. Is it possible to
image a logical volume without booting the box? If yes, how? Is dd usefull
in
this situation?

Thank you.

--
at today’s exchange rates 101 in binary is now worth just 5 in decimal,
following a catastrophic devaluation of binary. (read on TheRegister)

+++ GMX - die erste Adresse für Mail, Message, More +++
Neu: Preissenkung für MMS und FreeMMS! http://www.gmx.net

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Martes, 9 de Diciembre de 2003 10:58, Lentila de Vultur wrote:
> I need to analyse a Linux box that uses logical volumes. Is it possible to
> image a logical volume without booting the box? If yes, how? Is dd usefull
> in this situation?

What I'd do is:

1) Image the different devices involved in the LV.
2) Set up a LV against these images.
3) Image the resulting /dev/whatever

Analyse the image of the "LV" device (which should behave, I think, exactly as
a normal drive), but keep safe a copy of the different devices that are part
of it.

Hope this is useful

Regards
- --
Luis Gómez Miralles // lgomez@...
esCERT-UPC Incident Response Team
c/ Jordi Girona, 29
Edificio Nexus II planta I zona B
08034 Barcelona (Espańa)
Tlf. (+34) 93.413.79.47
http://www.inetsecur.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/1d2yL1k4NhTacfgRAtGcAJ4zw85pfl2JK8vmVvmkeHHDGAG3SQCfS+bt
lolBfHggLtys2XwM/Brjfjo=
=ucmN
-----END PGP SIGNATURE-----

I am aware that by default RH linux will not recognize the last sector of a
disk, if that disk contains an odd number of sectors. I also understand that
there is a "patch" so that RH will in fact recognize this sector. Are there
other distros (besides RH) that cannot recognize the last sector of an odd
sector disk? If so, are there workarounds for these as well? Please tell.

Thanks,

Dan


[Non-text portions of this message have been removed]

Dan,

I think that was more a function of Linux and using
Firewire to connect the drive rather than RH itself.
I know that FreeBSD, or any of the BSD's for that
matter, do not have this issue.  Check with
farmerdude@... he knows a lot about this
issue (and any patching that must be done)

Rich

--- Kalil Daniel Contr AFRL/IFGB
<daniel.kalil@...> wrote:
> I am aware that by default RH linux will not
> recognize the last sector of a
> disk, if that disk contains an odd number of
> sectors. I also understand that
> there is a "patch" so that RH will in fact recognize
> this sector. Are there
> other distros (besides RH) that cannot recognize the
> last sector of an odd
> sector disk? If so, are there workarounds for these
> as well? Please tell.
>
> Thanks,
>
> Dan
>
>
> [Non-text portions of this message have been
> removed]
>
>

Quoting: "Rich Thompson"
> I think that was more a function of Linux and using
> Firewire to connect the drive rather than RH itself.
> I know that FreeBSD, or any of the BSD's for that
> matter, do not have this issue.  Check with
> farmerdude@... he knows a lot about this
> issue (and any patching that must be done)

Nope. Not a firewire "specific" bug. Not a RedHat specific bug. Not a *nix
specific bug. Its a particular feature of the linux kernel, and not
necessarily a bug, as linux itself doesnt use the last sector, and therefore
doesnt need to access it.

There is a patch available.... see below.

Hope that helps and clarifies the situation!

  -Enda.


Full details ........  (taken from http://lwn.net/2001/0906/kernel.php3 )


The case of the conflicting block ioctls.
==========================

How do you access the last sector on a odd-sized disk? The Linux kernel
(normally) likes to deal with a 1K block size, which (normally) gets mapped
into two contiguous, 512-byte sectors on a disk drive. But, if the drive
contains an odd number of sectors, this scheme leaves the last sector
unreachable. That is not normally considered to be a big problem; one
missing sector does not make a very large dent in the capacity of a modern
disk drive.

It turns out, however, that the IA-64 architecture has defined a new
partitioning scheme which stores a copy of the partition table in the last
sector on the disk. With this scheme, it matters if that sector is not
reachable - there is no way for an administrator to change the partition
table when running under Linux. This kind of limitation can lead
administrators to do irrational things, like install Windows. Clearly a fix
was required.

So, back in February (http://lwn.net/2001/0906/a/last-sector.php3), Michael
Brown created a new ioctl call specifically to provide access to the last
sector on a disk; that call is now part of the IA-64 port. It is not,
however, to be found in the mainstream kernel at this time, which is part of
the problem.

Ben LaHaise, meanwhile, needed an ioctl call that would retrieve the size of
a device as a 64-bit quantity - disks are getting big, after all. So he put
together a patch with the new ioctl call. Part of his patch was to the ext2
utility programs; that patch was accepted and distributed as part of the
e2fsprogs distribution a little while back.

The problem: both new ioctls needed a new ioctl number. The block I/O ioctl
numbers are defined in linux/fs.h (http://lwn.net/2001/0906/a/fs.h.php3),
and it is a natural thing to do to pick the next one in series. There is no
central registry for these ioctl numbers other than the source itself; if
you have not put in a patch reserving a given ioctl number, it's not really
yours. Unfortunately, Michael Brown did not put in any such patch. Ben
LaHaise also failed to do so before (accidentally) getting the ioctl number
included in the e2fsprogs distribution. Of course, both chose the same
number.

This week, Ben put in a patch (http://lwn.net/2001/0906/a/ioctl-number.php3)
to reserve the number for his ioctl. His reasoning: renumbering the IA-64
ioctl will be less disruptive than changing e2fsprogs. He also believes that
the ioctl is the wrong solution to the problem; it should have been fixed
for all systems in the general block code, rather than being an
IA-64-specific ioctl.

Michael has also sent in a patch (http://lwn.net/2001/0906/a/mb-ioctl.php3)
trying to reserve the same ioctl number. Just asking for a number is not
enough, though, as can be seen from Alan's reaction
(http://lwn.net/2001/0906/a/ac-reject.php3) to Michael's patch:


   Rejected. I still think this is an ugly evil hack and want no part in it
Ben, meanwhile, gave up on the old ioctl number and put in a new patch
(http://lwn.net/2001/0906/a/bcrl-110.php3) using a higher number. That one,
too, turned out to be problematic, causing BLKGETSIZE64 to move up
(http://lwn.net/2001/0906/a/bcrl-114.php3) one more time...

Rich:
To the best of my knowledge although fire wire may play a role in this, it
is an issue with RH - regardless on how the drive is connected. I could be
wrong.

Dan

-----Original Message-----
From: Rich Thompson [mailto:tex_atl@...]
Sent: Wednesday, December 10, 2003 1:25 PM
To: linux_forensics@yahoogroups.com
Subject: Re: [linux_forensics] Odd Sector Question


Dan,

I think that was more a function of Linux and using
Firewire to connect the drive rather than RH itself.
I know that FreeBSD, or any of the BSD's for that
matter, do not have this issue.  Check with
farmerdude@... he knows a lot about this
issue (and any patching that must be done)

Rich

--- Kalil Daniel Contr AFRL/IFGB
<daniel.kalil@...> wrote:
> I am aware that by default RH linux will not
> recognize the last sector of a
> disk, if that disk contains an odd number of
> sectors. I also understand that
> there is a "patch" so that RH will in fact recognize
> this sector. Are there
> other distros (besides RH) that cannot recognize the
> last sector of an odd
> sector disk? If so, are there workarounds for these
> as well? Please tell.
>
> Thanks,
>
> Dan
>
>
> [Non-text portions of this message have been
> removed]
>
>



Yahoo! Groups Sponsor

ADVERTISEMENT

<http://rd.yahoo.com/SIG=12cj6he25/M=267637.4116732.5333197.1261774/D=egroup
web/S=1705713164:HM/EXP=1071167100/A=1853618/R=0/*http://www.netflix.com/Def
ault?mqso=60178338&partid=4116732> click here

<http://us.adserver.yahoo.com/l?M=267637.4116732.5333197.1261774/D=egroupmai
l/S=:HM/A=1853618/rand=980596623>

To unsubscribe from this group, send an email to:
linux_forensics-unsubscribe@yahoogroups.com



Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service
<http://docs.yahoo.com/info/terms/> .




[Non-text portions of this message have been removed]

This is not a Red Hat issue, it is a Linux issue.
Linux <=2.4.x accesses many types of devices using a
1024 byte block.  This can be patched (someone at Dell
wrote a rather elegant patch some time ago) or worked
around in a variety of ways (including the generic
SCSI drivers (great for Firewire) in the sg package).

*BSD, Mac OS and a few others (BeOS) use a 512 byte
block size and are therefore not subject to this
limitation.

--- Kalil Daniel Contr AFRL/IFGB
<daniel.kalil@...> wrote:
> Rich:
> To the best of my knowledge although fire wire may
> play a role in this, it
> is an issue with RH - regardless on how the drive is
> connected. I could be
> wrong.
>
> Dan
>

=====
Regards -

Andrew Rosen
ASR Data Acquisition & Analysis, LLC - Austin, Texas

__________________________________
Do you Yahoo!?
Protect your identity with Yahoo! Mail AddressGuard
http://antispam.yahoo.com/whatsnewfree

i seem to recall a post on the lkml stating that it was fixed with 2.5.56...
<http://marc.theaimsgroup.com/?l=linux-kernel&m=104245755017418&w=2>
i have not been able to test it out with the newer (2.6.0) kernels, has
anyone tested this out...
if so could you share your results... thanks...

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Joe Corrigan
Ohio BCI
ph: 330 659 4600 x336

The first step: Don't be anxious. Nature
controls it all.  And before long you'll
be no one, nowhere-like Hadrian, like
Augustus.             -- Marcus Aurelius

-----Original Message-----
From: Andrew Rosen [mailto:asrdata@...]
Sent: Thursday, December 11, 2003 2:33 AM
To: linux_forensics@yahoogroups.com
Subject: RE: [linux_forensics] Odd Sector Question


This is not a Red Hat issue, it is a Linux issue.
Linux <=2.4.x accesses many types of devices using a
1024 byte block.  This can be patched (someone at Dell
wrote a rather elegant patch some time ago) or worked
around in a variety of ways (including the generic
SCSI drivers (great for Firewire) in the sg package).

*BSD, Mac OS and a few others (BeOS) use a 512 byte
block size and are therefore not subject to this
limitation.

--- Kalil Daniel Contr AFRL/IFGB
<daniel.kalil@...> wrote:
> Rich:
> To the best of my knowledge although fire wire may
> play a role in this, it
> is an issue with RH - regardless on how the drive is
> connected. I could be
> wrong.
>
> Dan
>

=====
Regards -

Andrew Rosen
ASR Data Acquisition & Analysis, LLC - Austin, Texas

__________________________________
Do you Yahoo!?
Protect your identity with Yahoo! Mail AddressGuard
http://antispam.yahoo.com/whatsnewfree


To unsubscribe from this group, send an email to:
linux_forensics-unsubscribe@yahoogroups.com



Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/

Hi All

We have an urgent opening for our MNC client for Linux administrator
having specialization in:
UNIX/Linux technology particularly in the Kernel, Networking, and
Security areas

Areas of Expertise should include:
Linux/UNIX Kernel and Utilities,Linux/UNIX Device Drivers,Linux/UNIX
Porting,Streams and Socket Programming,X.25 Networking,Configuration
Management,Linux/UNIX Performance and Tuning,Network
configuration,C/C++ Language Programming,Distributed Processing

Operating Systems:
Linux, Solaris, BSD, SunOS 4.x, UNIX System V.4, V.3, V.2., System
III,
UNIX V7 and V6. HP-UX. IRIX. Amdahl UTS. XENIX 2.x, DOS, MS-Windows.
RSTS.

Telecommunications:
TCP/IP, ISDN. ASI, FDDI, X.25, NFS. RFS. TLI, Streams, Sockets. UUCP.


Interested profesionals please contact us and mail your resumes on
info@...

Ms Jabin
Gray  Cells Consulting Pvt Ltd.
PH 080 56963615

On Thu, 11 Dec 2003, careers_graycells wrote:
> UNIX/Linux technology particularly in the Kernel, Networking, and
> Security areas
>
> Areas of Expertise should include:
> Linux/UNIX Kernel and Utilities,Linux/UNIX Device Drivers,Linux/UNIX
> Porting,Streams and Socket Programming,X.25 Networking,Configuration
> Management,Linux/UNIX Performance and Tuning,Network
> configuration,C/C++ Language Programming,Distributed Processing
>
> Operating Systems:
> Linux, Solaris, BSD, SunOS 4.x, UNIX System V.4, V.3, V.2., System
> III,
> UNIX V7 and V6. HP-UX. IRIX. Amdahl UTS. XENIX 2.x, DOS, MS-Windows.
> RSTS.
>
> Telecommunications:
> TCP/IP, ISDN. ASI, FDDI, X.25, NFS. RFS. TLI, Streams, Sockets. UUCP.

Can you explain where this position is located?

Thanks,
   Steve Hill

-------------------------------------------
E-mail:
    Home:  steveh@...
-------------------------------------------

List Members,

I realize this is a linux list but it is really better than the other
generic lists such as the one at security_focus, hence I post the following
non-linux forensics request and kindly ask forgiveness.  I am in need of a
copy of the user manual for encase 3.2g in particular, or some other version
if available.  If you could send me the pdf offlist for educational purposes
only, I would be forever indebted to you.

Thanks,

eric

I doubt very much if anyone will email you a copy of something which is
subject to copyright.   Try emailing Guidance Software and ask them for
a copy.

On Sat, 2003-12-20 at 05:49, evb wrote:
> List Members,
>
> I realize this is a linux list but it is really better than the other
> generic lists such as the one at security_focus, hence I post the following
> non-linux forensics request and kindly ask forgiveness.  I am in need of a
> copy of the user manual for encase 3.2g in particular, or some other version
> if available.  If you could send me the pdf offlist for educational purposes
> only, I would be forever indebted to you.
>
> Thanks,
>
> eric
>
>
> To unsubscribe from this group, send an email to:
> linux_forensics-unsubscribe@yahoogroups.com
>
>
>
> Yahoo! Groups Links
>
> To visit your group on the web, go to:
>  http://groups.yahoo.com/group/linux_forensics/
>
> To unsubscribe from this group, send an email to:
>  linux_forensics-unsubscribe@yahoogroups.com
>
> Your use of Yahoo! Groups is subject to:
>  http://docs.yahoo.com/info/terms/
>
>

Give me a break.

> -----Original Message-----
> From: echo6 [mailto:echo6@...]
> Sent: Saturday, December 20, 2003 10:36 AM
> To: linux_forensics@yahoogroups.com
> Subject: Re: [linux_forensics] Encase manual
>
>
> I doubt very much if anyone will email you a copy of
> something which is
> subject to copyright.   Try emailing Guidance Software and
> ask them for
> a copy.
>
> On Sat, 2003-12-20 at 05:49, evb wrote:
> > List Members,
> >
> > I realize this is a linux list but it is really better than
> the other
> > generic lists such as the one at security_focus, hence I post the
> > following non-linux forensics request and kindly ask
> forgiveness.  I
> > am in need of a copy of the user manual for encase 3.2g in
> particular,
> > or some other version if available.  If you could send me the pdf
> > offlist for educational purposes only, I would be forever
> indebted to
> > you.
> >
> > Thanks,
> >
> > eric
> >
> >
> > To unsubscribe from this group, send an email to:
> > linux_forensics-unsubscribe@yahoogroups.com
> >
> >
> >
> > Yahoo! Groups Links
> >
> > To visit your group on the web, go to:
> > http://groups.yahoo.com/group/linux_forensics/
> >
> > To unsubscribe from this group, send an email to:
> > linux_forensics-unsubscribe@yahoogroups.com
> >
> > Your use of Yahoo! Groups is subject to:
> > http://docs.yahoo.com/info/terms/
> >
> >
>
>
>
> To unsubscribe from this group, send an email to:
> linux_forensics-unsubscribe@yahoogroups.com
>
>
>
> Yahoo! Groups Links
>
> To visit your group on the web, go to:
> http://groups.yahoo.com/group/linux_forensics/
>
> To
> unsubscribe from this group, send an email to:
> linux_forensics-unsubscribe@yahoogroups.com
>
> Your use of Yahoo! Groups is subject to:
> http://docs.yahoo.com/info/terms/
>
>
>

Don't be stupid

> -----Original Message-----
> From: echo6 [mailto:echo6@...]
> Sent: Saturday, December 20, 2003 10:36 AM
> To: linux_forensics@yahoogroups.com
> Subject: Re: [linux_forensics] Encase manual
>
>
> I doubt very much if anyone will email you a copy of
> something which is
> subject to copyright.   Try emailing Guidance Software and
> ask them for
> a copy.
>
> On Sat, 2003-12-20 at 05:49, evb wrote:
> > List Members,
> >
> > I realize this is a linux list but it is really better than
> the other
> > generic lists such as the one at security_focus, hence I post the
> > following non-linux forensics request and kindly ask
> forgiveness.  I
> > am in need of a copy of the user manual for encase 3.2g in
> particular,
> > or some other version if available.  If you could send me the pdf
> > offlist for educational purposes only, I would be forever
> indebted to
> > you.
> >
> > Thanks,
> >
> > eric
> >
> >
> > To unsubscribe from this group, send an email to:
> > linux_forensics-unsubscribe@yahoogroups.com
> >
> >
> >
> > Yahoo! Groups Links
> >
> > To visit your group on the web, go to:
> > http://groups.yahoo.com/group/linux_forensics/
> >
> > To unsubscribe from this group, send an email to:
> > linux_forensics-unsubscribe@yahoogroups.com
> >
> > Your use of Yahoo! Groups is subject to:
> > http://docs.yahoo.com/info/terms/
> >
> >
>
>
>
> To unsubscribe from this group, send an email to:
> linux_forensics-unsubscribe@yahoogroups.com
>
>
>
> Yahoo! Groups Links
>
> To visit your group on the web, go to:
> http://groups.yahoo.com/group/linux_forensics/
>
> To
> unsubscribe from this group, send an email to:
> linux_forensics-unsubscribe@yahoogroups.com
>
> Your use of Yahoo! Groups is subject to:
> http://docs.yahoo.com/info/terms/
>
>
>

Why don't you contact Encase? I'm sure they're happy to provide replacement
manuals so long as you have a valid serial number. I know what it's like to lose
a manual. It's very frustrating when you pay for software and then can't get the
use out of it that you would like.

I'm sure you're not asking for a manual for a copy that you didn't pay for.

Good luck!

Tony.

evb <swiver@...> wrote:
List Members,

I realize this is a linux list but it is really better than the other
generic lists such as the one at security_focus, hence I post the following
non-linux forensics request and kindly ask forgiveness.  I am in need of a
copy of the user manual for encase 3.2g in particular, or some other version
if available.  If you could send me the pdf offlist for educational purposes
only, I would be forever indebted to you.

Thanks,

eric



To unsubscribe from this group, send an email to:
linux_forensics-unsubscribe@yahoogroups.com





---------------------------------
Yahoo! Groups Links

    To visit your group on the web, go to:
http://groups.yahoo.com/group/linux_forensics/

    To unsubscribe from this group, send an email to:
linux_forensics-unsubscribe@yahoogroups.com

    Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.



---------------------------------
Do you Yahoo!?
New Yahoo! Photos - easier uploading and sharing

[Non-text portions of this message have been removed]

Sure I am.  If you want to have a debate about the inadequacy of the
American copyright system, I'm confident I will beat you.  But let's do it
off list so as not to disturb these other nice people.

> -----Original Message-----
> From: The Dog's Bollix [mailto:isxpro@...]
> Sent: Saturday, December 20, 2003 11:57 AM
> To: linux_forensics@yahoogroups.com
> Subject: Re: [linux_forensics] Encase manual
>
>
> Why don't you contact Encase? I'm sure they're happy to
> provide replacement manuals so long as you have a valid
> serial number. I know what it's like to lose a manual. It's
> very frustrating when you pay for software and then can't get
> the use out of it that you would like.
>
> I'm sure you're not asking for a manual for a copy that you
> didn't pay for.
>
> Good luck!
>
> Tony.
>
> evb <swiver@...> wrote:
> List Members,
>
> I realize this is a linux list but it is really better than
> the other generic lists such as the one at security_focus,
> hence I post the following non-linux forensics request and
> kindly ask forgiveness.  I am in need of a copy of the user
> manual for encase 3.2g in particular, or some other version
> if available.  If you could send me the pdf offlist for
> educational purposes only, I would be forever indebted to you.
>
> Thanks,
>
> eric
>
>
>
> To unsubscribe from this group, send an email to:
> linux_forensics-unsubscribe@yahoogroups.com
>
>
>
>
>
> ---------------------------------
> Yahoo! Groups Links
>
>    To visit your group on the web, go to:
> http://groups.yahoo.com/group/linux_forensics/
>
>    To
> unsubscribe from this group, send an email to:
> linux_forensics-unsubscribe@yahoogroups.com
>
>    Your use of Yahoo! Groups is subject to the Yahoo! Terms
> of Service.
>
>
>
> ---------------------------------
> Do you Yahoo!?
> New Yahoo! Photos - easier uploading and sharing
>
> [Non-text portions of this message have been removed]
>
>
> To unsubscribe from this group, send an email to:
> linux_forensics-unsubscribe@yahoogroups.com
>
>
>
> Yahoo! Groups Links
>
> To visit your group on the web, go to:
> http://groups.yahoo.com/group/linux_forensics/
>
> To
> unsubscribe from this group, send an email to:
> linux_forensics-unsubscribe@yahoogroups.com
>
> Your use of Yahoo! Groups is subject to:
> http://docs.yahoo.com/info/terms/
>
>
>

I don't know who you are,  but I for one do not welcome those of your ilk
to this list. Your Attitude is totally disrespecful. I most certainly
respect a difference of opinion, but when you are condescending and
insulting to others who hold a different view, then you belong somewhere
else.

--------------------------
Sent from my BlackBerry Wireless Handheld

I am perfectly capable of being respectful.  However, so far onlist I have
received two sarcastic responses, plus yours which is filled with pure
affect and no intellect.  If I meet sarcasm with condescension, so be it. I
don't think I'll be having any trouble sleeping.  If you want to have a
substantive dialogue that is supported by facts and reason, I am willing to
listen and be respectful.  So far, however, none of the three onlist
responses has had those qualities.


> -----Original Message-----
> From: Raymond_Smith@... [mailto:Raymond_Smith@...]
> Sent: Saturday, December 20, 2003 12:36 PM
> To: linux_forensics@yahoogroups.com
> Subject: Re: [linux_forensics] Encase manual
>
>
> I don't know who you are,  but I for one do not welcome those
> of your ilk to this list. Your Attitude is totally
> disrespecful. I most certainly respect a difference of
> opinion, but when you are condescending and insulting to
> others who hold a different view, then you belong somewhere else.
>
> --------------------------
> Sent from my BlackBerry Wireless Handheld
>
>
>
>
> To unsubscribe from this group, send an email to:
> linux_forensics-unsubscribe@yahoogroups.com
>
>
>
> ------------------------ Yahoo! Groups Sponsor
> ---------------------~--> Buy Ink Cartridges or Refill Kits
> for your HP, Epson, Canon or Lexmark Printer at MyInks.com.
> Free s/h on orders $50 or more to the US & Canada.
http://www.c1tracking.com/l.asp?cid=5511
http://us.click.yahoo.com/mOAaAA/3exGAA/qnsNAA/M4xqlB/TM
---------------------------------------------------------------------~->

Yahoo! Groups Links

To visit your group on the web, go to:
http://groups.yahoo.com/group/linux_forensics/

To unsubscribe from this group, send an email to:
linux_forensics-unsubscribe@yahoogroups.com

Your use of Yahoo! Groups is subject to:  http://docs.yahoo.com/info/terms/