March 12th, 2004, 06:02 PM
Man, this is a very famous case known as the Joe Jacob case, wherein the Colombian drug lord was convicted on the basis of forensic tests on the floppy.
Search for Joe Jacob on Google and you might find more than I could ever tell you.
best of luck
March 12th, 2004, 06:23 PM
Here are some programs to help you. PM me your mail ID; I might even send you some very helpful PDFs to crack the image in Windows.
March 12th, 2004, 06:30 PM
Got this image somewhere on my HD; tell me if it's the same.
March 12th, 2004, 06:40 PM
I know Linux-STD has a lot of tools- Autopsy, DD? I haven't had a chance to use them but this sounds like a good time. Would the integrity of the data be ok when it's transferred to this site? Are there time stamps that would be screwed with that we would need to do a proper job on it?
If you could post that, this would be a pretty damn cool thread.
March 12th, 2004, 07:38 PM
firstname.lastname@example.org is my email...
Is there a way for me to send everything written on this disk out to you guys?
March 12th, 2004, 08:00 PM
Attach it to a post? I'll drop you an email as well.
March 12th, 2004, 09:02 PM
Most likely your best bet to start with is to get an image of the floppy (the Windows program rawread will do this, as will "dd" on Linux).
Then get out a hex editor and look for anything obvious.
Obvious places to start are the root directory for deleted files (or other directories if it has subdirectories), unused clusters, and slack space.
Of course, the tricky part would be if you can recover *part* of something like a zipfile which has been deleted and partially overwritten. (NOTE: zipfiles are potentially quite convenient because the directory is at the end, and the most likely part to be overwritten is the beginning.)
The reason that using Linux might be easier is that you can hexedit the image and then mount it using loopback and examine files. However, on Windows you can do the same thing by using another floppy, which is slower, but achieves the same.
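Added example, not part of the original post: a minimal Python sketch of the "root directory for deleted files" step, listing FAT12 root-directory entries whose first name byte is 0xE5 and reading their content back from the image. The function names and the in-memory sample image are constructed for illustration, and recovery assumes the file's clusters were contiguous.

```python
import struct

def geometry(img):
    """Locate the root directory and data area from the FAT12 boot sector (BPB)."""
    # 3x skips the total-sectors and media-descriptor fields at offsets 19..21
    bps, spc, reserved, nfats, root_ents, spf = struct.unpack_from("<HBHBH3xH", img, 11)
    root = (reserved + nfats * spf) * bps
    data = root + -(-root_ents * 32 // bps) * bps   # root dir rounded up to a sector
    return root, root_ents, data, bps * spc

def deleted_entries(img):
    """List root-directory entries marked deleted (first name byte 0xE5)."""
    root, root_ents, _, _ = geometry(img)
    found = []
    for i in range(root_ents):
        ent = img[root + 32 * i: root + 32 * i + 32]
        if len(ent) < 32 or ent[0] == 0x00:     # 0x00: no entries after this one
            break
        if ent[0] != 0xE5 or ent[11] == 0x0F:   # live entry, or long-name slot
            continue
        cluster, size = struct.unpack_from("<HI", ent, 26)
        base = "?" + bytes(ent[1:8]).decode("ascii", "replace").rstrip()
        ext = bytes(ent[8:11]).decode("ascii", "replace").rstrip()
        found.append({"name": f"{base}.{ext}" if ext else base,
                      "cluster": cluster, "size": size})
    return found

def carve(img, entry):
    """Read the content back, assuming contiguous clusters (the FAT chain is freed on delete)."""
    _, _, data, csize = geometry(img)
    start = data + (entry["cluster"] - 2) * csize
    return bytes(img[start: start + entry["size"]])

def build_sample():
    """Constructed test image (not the challenge image): one live, one deleted file."""
    img = bytearray(2880 * 512)
    struct.pack_into("<HBHBH3xH", img, 11, 512, 1, 1, 2, 224, 9)
    root, _, data, csize = geometry(img)
    files = [(b"README  TXT", 2, b"live file"),
             (b"\xe5ECRET  TXT", 3, b"constructed deleted content")]
    for slot, (name, cluster, body) in enumerate(files):
        struct.pack_into("<11sB14xHI", img, root + 32 * slot, name, 0x20, cluster, len(body))
        start = data + (cluster - 2) * csize
        img[start: start + len(body)] = body
    return img

if __name__ == "__main__":
    image = build_sample()   # for a real image: open(path, "rb").read() on a copy
    for e in deleted_entries(image):
        print(e, carve(image, e))
```

The first character of a deleted name is lost (shown as "?"), and the carved bytes are only trustworthy if nothing has reused those clusters since deletion.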
March 12th, 2004, 10:10 PM
If you are willing to do your assignment using Windows, I would recommend you try "BadCopy Pro" out.
It is a fabulous little proggie to recover / read data from almost all media; it can scan / read physical sectors even if the floppy is damaged or doesn't work. Best part is that it is GUI-based.
This is shareware, so the evaluation copy will let you see what files the floppy contains, but you won't be able to copy / open them unless you purchase it (but... I don't know... I should say this -- because it is Anti- anti-online ) just use Google to find its serial no., do your work and **honestly** uninstall / destroy the copy of the software.
Hope it helps...
PS: You can download it from www.download.com [file size approx. 862 KB]
March 12th, 2004, 11:57 PM
Hidden Info on Floppy
I was so intrigued after reading this post that I did a little searching on Google and guess what I found!? Yep - the infamous Joe Jacobs scenario! It is on the Honeynet.org site (http://www.honeynet.org/scans/scan24/) under their monthly challenges from 2002. The 'police report' (http://www.honeynet.org/scans/scan24/report.txt) laid out the whole story, while the challenge questions are posted on the scan24 page. I even managed to find some freeware forensic tools for anyone that is interested (http://www.dmares.com/maresware/freesoftware.htm). The MD5 Checksum for the floppy image file is: MD5 = b676147f63923e1f428131d59b1d6a72 ( image.zip ) and can be downloaded direct (http://www.honeynet.org/scans/scan24/image.zip) or I've attached a copy for those of you in a hurry (it's probably a duplicate of the one noted in an earlier reply "found on a HD" and attached).
So - happy hunting. When you finish you can compare your results to the individuals who entered (as long as you don't cheat!). As for me, I believe I have a bit of reading to do . . . Enjoy!!
All truths are easy to understand once they are discovered; the point is to discover them. What lies behind us and what lies before us are tiny matters compared to what lies within us.
March 13th, 2004, 05:04 PM
I've attached a small program that I use myself in order to retrieve deleted information from a floppy disk.
Also take a look at this tutorial written by groovicus called "Windows Forensics-Where to look-What to use" and see if anything there will help you out.