In an effort to ensure a sterile work environment, all media used in the examination was first scanned for viruses using Norton AntiVirus™ 2002. For more information about Norton AntiVirus™, go to:
The Linux copy command was used to extract the image onto a blank 1.44-megabyte high density disk.
The MD5 hash algorithm found within Red Hat Linux was used to generate the hash value for image.zip as well as the entire image once it was extracted fully out to the disk.
EnCase® from Guidance Software was used to provide the Disk Properties and verified the MD5 hash value that was previously generated from Linux.
For more information about EnCase® , go to:
www.guidancesoftware.com or www.encase.com
The complete recovery and analysis of the disk was performed using Norton Disk Edit, a part of Norton SystemWorks™ for Windows 95/98 - Emergency Disk 2. The various screenshots displayed throughout the site are from Norton Disk Edit. For more information about Disk Edit, go to:
Winzip™ was used to extract any zipped files. For more information about Winzip™ , go to: