tag:blogger.com,1999:blog-9518042.post657749975216075218..comments2024-03-19T07:46:20.437-05:00Comments on Windows Incident Response: Who you gonna call?Unknownnoreply@blogger.comBlogger3125tag:blogger.com,1999:blog-9518042.post-63137327956075317872007-12-29T20:05:00.000-05:002007-12-29T20:05:00.000-05:00Thanks for the chkdsk link. I saw that as well but...Thanks for the chkdsk link. I saw that as well but again it does not explain at a lower level what it does to fix the problems and I do not know of anywhere where it tells how it re-arranges sectors and clusters. I saw some pretty weird stuff in unallocated space for files that should have been recoverable.<BR/><BR/>Oh well,<BR/><BR/>Thanks again,<BR/><BR/>DaveMacaronihttps://www.blogger.com/profile/08113144875167225261noreply@blogger.comtag:blogger.com,1999:blog-9518042.post-19151876027329644342007-12-29T19:31:00.000-05:002007-12-29T19:31:00.000-05:00...I could not find any docs on what chkdsk actual...<I>...I could not find any docs on what chkdsk actually does...</I><BR/><BR/>I found this:<BR/><A HREF="http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/chkdsk.mspx?mfr=true" REL="nofollow">chkdsk on XP</A><BR/><BR/>There's more at TechNet...<BR/><BR/><I>Are you just trying to get a sense of what people are doing. To figure out what would be worthwhile?</I><BR/><BR/>Yeah, pretty much. I've seen recently where some data wasn't even looked at during an investigation, and when I asked about specific sites, I was told that they had no idea...H. Carveyhttps://www.blogger.com/profile/08966595734678290320noreply@blogger.comtag:blogger.com,1999:blog-9518042.post-7994389527840389372007-12-29T19:17:00.000-05:002007-12-29T19:17:00.000-05:00Harlan,I go to most of the resources you mentioned...Harlan,<BR/><BR/>I go to most of the resources you mentioned as well as internal resources we have at the company I work for. But still I am at a loss for where to find how specific things work. Recently, I was faced with a person who ran chkdsk /f on the hard disk before I could get to it. I found that I could not find any docs on what chkdsk actually does at the file system level to try and explain what I was seeing with deleted files on the system.<BR/><BR/>Are you just trying to get a sense of what people are doing. To figure out what would be worthwhile?<BR/><BR/>DaveMacaronihttps://www.blogger.com/profile/08113144875167225261noreply@blogger.com