tag:blogger.com,1999:blog-9518042.post363069155720922727..comments2024-03-19T07:46:20.437-05:00Comments on Windows Incident Response: Linkity-LinkUnknownnoreply@blogger.comBlogger4125tag:blogger.com,1999:blog-9518042.post-13299210919005452062009-09-30T13:47:40.798-05:002009-09-30T13:47:40.798-05:00Rich,
I see this a lot myself...I'll make a ...Rich,<br /> <br />I see this a lot myself...I'll make a post with a specific term in the text and then wait a week and do a search...<br /><br />I guess I've always had an issue with those who don't actually create their own content or contribute back to the "community" (with respect to whatever they're doing) but instead just copy other's material for their own site content...but then, that's what happens if you don't protect your IP...H. Carveyhttps://www.blogger.com/profile/08966595734678290320noreply@blogger.comtag:blogger.com,1999:blog-9518042.post-84027279893975108612009-09-30T13:39:52.734-05:002009-09-30T13:39:52.734-05:00Thanks for the mention of my blog posting re Windo...Thanks for the mention of my blog posting re Windows Photo Gallery. The think tank forensics posting is a straight copy of my blog. This is happening more and more. As one of the major computer forensics bloggers Harlan, I would be grateful of your opinion - is this fair play?<br /><br />Richard DrinkwaterDC1743https://www.blogger.com/profile/14186532367794900206noreply@blogger.comtag:blogger.com,1999:blog-9518042.post-34843519213276183212009-09-26T17:10:32.657-05:002009-09-26T17:10:32.657-05:00Jimmy,
Re: ProDiscover and VSS...I contacted Chri...Jimmy,<br /><br />Re: ProDiscover and VSS...I contacted Chris Brown directly and he said:<br /><br /><i>Once you are connected to a remote system with a VSC you can right click over the physical disk and choose to mount any and all available shadow copies.</i><br /><br />Go to the ProDiscover <a href="http://www.techpathways.com/DesktopDefault.aspx?tabindex=9&tabid=14" rel="nofollow">Resource Center</a> for a webinar on this...<br /><br />Very cool stuff, and a great, big THANKS to Chris!H. Carveyhttps://www.blogger.com/profile/08966595734678290320noreply@blogger.comtag:blogger.com,1999:blog-9518042.post-37845256915985108202009-09-26T15:59:53.833-05:002009-09-26T15:59:53.833-05:00...you'll see someone say that they feel that ...<i>...you'll see someone say that they feel that folks should publish their report formats ... most often without doing so themselves. Funny how that works, eh?</i><br /><br />I've shared my report format with a host of examiners, though on an individual basis. It's been very well received by a few LEAs and by local and federal prosecutors in my venue. I also provide an "Analysis CD" with every report. The problem with "publishing," IMHO, is that I have a few formats that I use in different cases. In that regard, I have a 30-page template that contains stock language that I cut and pase. For example, I have a paragraph or two that explains link files for the non-geek. Of course, boiler plates must be updated routinely. Another issue with publishing is that some folks don't recognize that a report is not a white paper on a given topic. It's easy to criticize a report for being "incomplete." <br /><br /><i>[ProDiscover] version 6 also supports access to Vista Volume Shadow Copy files ... this is something I definitely need to check out.</i><br /><br />Please do and let us know. I was part of the thread on that topic. The fellow who noted this said that PD mounts the volume, if I recall correctly. I imagine that you at least must run PD on Vista.Jimmy_Wegnoreply@blogger.com