Apologies - Totally new to this


Post  UKTonyK on Mon Nov 23, 2009 4:00 pm

I have booted to the CAINE CD, but want to use the WinTaylor part. Where do I find it?
Or do I have to run it from somewhere else?

UKTonyK

Number of posts : 3
Registration date : 2009-11-23


Re: Apologies - Totally new to this

Post  denis on Mon Nov 23, 2009 4:12 pm

WinTaylor is the forensic live analysis and acquisition part for MS Windows systems that the investigator finds up.
In these cases it is possible that the investigator decides to carry out an analysis of the live system to acquire data that would be lost with the shutdown.
WinTaylor can also be used for image acquisition on those MS Windows systems on which booting from the live CD fails, due to their hardware, or in those cases (hospital server, etc.) where you cannot turn off the system.

denis

Number of posts : 52
Location : Torino, Italy
Registration date : 2008-10-27

http://www.denisfrati.it

Re: Apologies - Totally new to this

Post  UKTonyK on Mon Nov 23, 2009 4:25 pm

So how do I start WinTaylor?

Do I have to boot up the system, log in and then run WinTaylor from the CAINE CD?

Many Thanks

UKTonyK


Re: Apologies - Totally new to this

Post  denis on Mon Nov 23, 2009 4:39 pm

This is the idea:
the investigator arrives at the crime scene, where there is an MS Windows system up.
According to the investigator's assessment, it is important to capture the volatile data present on that Windows system, so the investigator inserts the CD with WinTaylor and uses the tools present on it.

If a system is off, then the volatile data are already lost. Hopefully you can think of virtualization and use WinTaylor to extract the information that is not accessible from Linux when working on the forensic image.

denis


Re: Apologies - Totally new to this

Post  UKTonyK on Mon Nov 23, 2009 4:52 pm

I understand now. Apologies, I thought the WinTaylor suite was available as part of the utilities after booting from the Live CD.

Is it possible to run such utilities as USBDeview from the CAINE Boot CD, whilst not on a live session?

UKTonyK


Re: Apologies - Totally new to this

Post  denis on Mon Nov 23, 2009 5:04 pm

You can install RegRipper, which is not present in CAINE at the moment.
We are thinking of making a Big CAINE (CAINE on a live DVD) with more tools, like RegRipper and others.
Now you can put your forensic image in LiveView, to virtualize that system, and use NirSoft, or other, tools on it.

denis
