Loading ...
Sorry, an error occurred while loading the content.

RE: [linux_forensics] Faking a webcam broadcast

Expand Messages
  • Pybus, David
    An extremely simple way of doing this which is available to someone of even low skill is just to connect up a DV Handycam. While normally you would connect it
    Message 1 of 24 , Jun 1, 2004
    • 0 Attachment
      An extremely simple way of doing this which is available to someone of even
      low skill is just to connect up a DV Handycam. While normally you would
      connect it and use it as a webcam if you play the video in the handycam then
      it gets sent over the wire as if it is the webcam - easy!

      Cheers, David

      -----Original Message-----
      From: Gary [mailto:sa643@...]
      Sent: 26 May 2004 16:24
      To: linux_forensics@yahoogroups.com
      Subject: [linux_forensics] Faking a webcam broadcast


      I need some advice/help with a pending homicide investigation. (Not
      strictly Linux question, but I know this list has alot of talented
      investigators subscribed)

      There is a witness who says that they had a webcam/Yahoo Chat with
      the victim, approximately a week after the victim was killed. The
      witness says that they know if was a "live" webcam, because the
      victim "moved" several times. There was live typed chat taking
      place, concurrent with the webcam broadcast.

      Does anyone have knowledge or experience with a "saved" webcam feed,
      being transmitted as if it was live webcam broadcast, using Yahoo
      Messenger? What is the default extension for saved webcam
      activity? Does it vary with the program or programs installed on
      the PC?

      Any info/assistance/or pointers to reference material would be
      appreciated.

      Rick





      Yahoo! Groups Links






      [Non-text portions of this message have been removed]
    • IanC
      I don t suppose there is an easy way to figure out if someone saved what files to a floppy on a particular day, or days? System is Win98 Most all files were
      Message 2 of 24 , Jun 3, 2004
      • 0 Attachment
        I don't suppose there is an easy way to figure out if someone saved 'what
        files' to a floppy on a particular day, or days?

        System is Win98

        Most all files were tampered with by the company tech peoples so date stamps
        are almost useless. (I'm hoping for some log transferring to A: as he had a
        bundle of clean floppies on his desk and they depleted over a week).


        Is that possible at all?
      • Sirex
        the created timestamp is useless too ? (not the modifyed one) On Thu, 3 Jun 2004 04:28:31 -0400
        Message 3 of 24 , Jun 3, 2004
        • 0 Attachment
          the created timestamp is useless too ? (not the modifyed one)

          On Thu, 3 Jun 2004 04:28:31 -0400
          "IanC" <saladin@...> wrote:

          > I don't suppose there is an easy way to figure out if someone saved 'what
          > files' to a floppy on a particular day, or days?
          >
          > System is Win98
          >
          > Most all files were tampered with by the company tech peoples so date stamps
          > are almost useless. (I'm hoping for some log transferring to A: as he had a
          > bundle of clean floppies on his desk and they depleted over a week).
          >
          >
          > Is that possible at all?
          >
          >
          >
          >
          >
          >
          >
          >
          >
          >
          >
          > Yahoo! Groups Links
          >
          >
          >
          >
          >
          >
        • Rich Thompson
          what about the dates on the .LNK file - you should be able to find a .lnk for that file to the a: drive. Maybe that could help.... Rich Thompson
          Message 4 of 24 , Jun 3, 2004
          • 0 Attachment
            what about the dates on the .LNK file - you should be
            able to find a .lnk for that file to the a: drive.
            Maybe that could help....

            Rich Thompson


            --- IanC <saladin@...> wrote:
            > I don't suppose there is an easy way to figure out
            > if someone saved 'what
            > files' to a floppy on a particular day, or days?
            >
            > System is Win98
            >
            > Most all files were tampered with by the company
            > tech peoples so date stamps
            > are almost useless. (I'm hoping for some log
            > transferring to A: as he had a
            > bundle of clean floppies on his desk and they
            > depleted over a week).
            >
            >
            > Is that possible at all?
            >
            >
            >
            >
            >
            >
            >
            >
          • Steve Fowler
            I thought this would be really easy when I quoted doing this for a client in support of a deposition, but now I m flummoxed! The client asked for a report
            Message 5 of 24 , Jun 3, 2004
            • 0 Attachment
              I thought this would be really easy when I quoted doing this for a client
              in support of a deposition, but now I'm flummoxed! The client asked for a
              report showing only the files names where any of a few dozen search terms
              appear within *active data* (allocated files/NOT deleted files). Once
              getting to it, what seemed trivial now seems altogether monumental -- much
              more time consuming than producing deleted evidence. What's the quick &
              easy way to do this? At the rate I'm going, the purps will have finished
              their jail terms before I do !!! ;-)

              Steve
            • IanC
              I d be tempted to restore the drive, slave it, and wipe the deleted files off it. Afterwards do your searches on that then compare what file hits you got off
              Message 6 of 24 , Jun 3, 2004
              • 0 Attachment
                I'd be tempted to restore the drive, slave it, and wipe the deleted files
                off it. Afterwards do your searches on that then compare what file hits you
                got off that, with the original image.


                > I thought this would be really easy when I quoted doing this
                > for a client in support of a deposition, but now I'm
                > flummoxed! The client asked for a report showing only the
                > files names where any of a few dozen search terms appear
                > within *active data* (allocated files/NOT deleted files).
                > Once getting to it, what seemed trivial now seems altogether
                > monumental -- much more time consuming than producing deleted
                > evidence. What's the quick & easy way to do this? At the
                > rate I'm going, the purps will have finished
                > their jail terms before I do !!! ;-)
                >
                > Steve
              • Steve Fowler
                Ian -- That s very close to one of things I have done so far... but very time consuming, one-by-one processing. Anyone know about a UTILITY that takes a list
                Message 7 of 24 , Jun 3, 2004
                • 0 Attachment
                  Ian --
                  That's very close to one of things I have done so far... but very
                  time consuming, one-by-one processing. Anyone know about a UTILITY that
                  takes a list of terms as input, and spits out a list of files
                  names??? Thanks Ian.
                  ---- Steve
                  =====
                  At 01:10 PM 6/3/04, you wrote:
                  >I'd be tempted to restore the drive, slave it, and wipe the deleted files
                  >off it. Afterwards do your searches on that then compare what file hits you
                  >got off that, with the original image.
                  >
                  >
                  > > I thought this would be really easy when I quoted doing this
                  > > for a client in support of a deposition, but now I'm
                  > > flummoxed! The client asked for a report showing only the
                  > > files names where any of a few dozen search terms appear
                  > > within *active data* (allocated files/NOT deleted files).
                  > > Once getting to it, what seemed trivial now seems altogether
                  > > monumental -- much more time consuming than producing deleted
                  > > evidence. What's the quick & easy way to do this? At the
                  > > rate I'm going, the purps will have finished
                  > > their jail terms before I do !!! ;-)
                  > >
                  > > Steve
                  >
                  >
                  >
                  >
                  >
                  >Yahoo! Groups Links
                  >
                  >
                  >
                  >
                • Brendan Murray
                  This seems simple so maybe I m missing the point of the question. What s wrong with find . -type f -exec egrep -c -H -f search_terms.txt {} ; or even
                  Message 8 of 24 , Jun 3, 2004
                  • 0 Attachment
                    This seems simple so maybe I'm missing the point of the
                    question.

                    What's wrong with

                    "find . -type f -exec egrep -c -H -f search_terms.txt {} \; "

                    or even

                    "find . -type f -exec egrep -c -F -H -f search_terms.txt {} \; "


                    Both will list the names of all the files that it finds
                    starting from the CWD using the search terms in
                    search_terms.txt. The second form doesn't use regular
                    expressions so its prob faster (haven't tested it) and it's
                    easier to look for things that look like wild cards.

                    find isn't going to fine deleted files, and of course you can still
                    use the image without the deleted files





                    --- In linux_forensics@yahoogroups.com, Steve Fowler <sfowler@d...> wrote:
                    > I thought this would be really easy when I quoted doing this for a
                    client
                    > in support of a deposition, but now I'm flummoxed! The client asked
                    for a
                    > report showing only the files names where any of a few dozen search
                    terms
                    > appear within *active data* (allocated files/NOT deleted files). Once
                    > getting to it, what seemed trivial now seems altogether monumental
                    -- much
                    > more time consuming than producing deleted evidence. What's the
                    quick &
                    > easy way to do this? At the rate I'm going, the purps will have
                    finished
                    > their jail terms before I do !!! ;-)
                    >
                    > Steve
                  • Altheide, Cory B. (IARC)
                    fgrep -lr --file=SEARCH_TERMS.txt /mounted/volume_or_imagefile /different/mounted/volume/HITLIST.txt Cory Altheide Senior Network Forensics Specialist
                    Message 9 of 24 , Jun 3, 2004
                    • 0 Attachment
                      fgrep -lr --file=SEARCH_TERMS.txt /mounted/volume_or_imagefile >> \
                      /different/mounted/volume/HITLIST.txt

                      Cory Altheide
                      Senior Network Forensics Specialist
                      NNSA Information Assurance Response Center (IARC)
                      altheidec@...


                      > -----Original Message-----
                      > From: Steve Fowler [mailto:sfowler@...]
                      > Sent: Thursday, June 03, 2004 1:08 PM
                      > To: linux_forensics@yahoogroups.com
                      > Subject: [linux_forensics] Listing File Names Containing Search Terms
                      >
                      >
                      > I thought this would be really easy when I quoted doing this
                      > for a client
                      > in support of a deposition, but now I'm flummoxed! The
                      > client asked for a
                      > report showing only the files names where any of a few dozen
                      > search terms
                      > appear within *active data* (allocated files/NOT deleted
                      > files). Once
                      > getting to it, what seemed trivial now seems altogether
                      > monumental -- much
                      > more time consuming than producing deleted evidence. What's
                      > the quick &
                      > easy way to do this? At the rate I'm going, the purps will
                      > have finished
                      > their jail terms before I do !!! ;-)
                      >
                      > Steve
                    • Gary Funck
                      ... This is good, but depends upon the -r (recursive) option of (GNU) fgrep. If -r is supported, you re good to go. In older Linux s and on other Un*x s you
                      Message 10 of 24 , Jun 3, 2004
                      • 0 Attachment
                        > -----Original Message-----
                        > From: Altheide, Cory B. (IARC) [mailto:AltheideC@...]
                        > Sent: Thursday, June 03, 2004 4:15 PM
                        > To: 'linux_forensics@yahoogroups.com'
                        > Subject: RE: [linux_forensics] Listing File Names Containing Search
                        > Terms
                        >
                        >
                        > fgrep -lr --file=SEARCH_TERMS.txt /mounted/volume_or_imagefile >> \
                        > /different/mounted/volume/HITLIST.txt
                        >

                        This is good, but depends upon the '-r' (recursive) option of (GNU) fgrep.
                        If -r is supported, you're good to go.

                        In older Linux's and on other Un*x's you might need to try something like:

                        find /mounted/volume_or_imagefile -type f -print0 \
                        | xargs -0 fgrep -l -f SEARCH_TERMS.TXT \
                        > /different/mounted/volume/HITLIST.txt

                        The -print0 and -0 options are extensions to the older versions of
                        find and xargs. They're needed if you want to process filenames with
                        blanks and other special characters in them, which is typical of a
                        mounted Windows volume.

                        On the fgrep above, you might also add the 'i' switch to ignore case.

                        Keep in mind that this approach won't find matches (1) where there are
                        simple mispellings of the strings to be matched, (2) Files (such as
                        some newer versions of Word(tm) and internationalized text) that utilize
                        16-bit [2 byte] characters, (3) zip files, PDF files, uuencoded attachments
                        in mail messages stored inside files, and (4) many other file formats where
                        the
                        data is compressed or encoded, but this approach will find the low hanging
                        fruit.

                        In addition to the simple -l switch, the -C <num> switch can be used in
                        place
                        of -l. This will print <num> lines on either side of the match, and is
                        useful
                        for culling through the matches.
                      • Andrew Rosen
                        SMART. Point and click or drag and drop. ... ===== Regards - Andrew Rosen ASR Data Acquisition & Analysis, LLC - Austin, Texas
                        Message 11 of 24 , Jun 4, 2004
                        • 0 Attachment
                          SMART. Point and click or drag and drop.

                          --- Steve Fowler <sfowler@...> wrote:
                          > Ian --
                          > That's very close to one of things I have
                          > done so far... but very
                          > time consuming, one-by-one processing. Anyone know
                          > about a UTILITY that
                          > takes a list of terms as input, and spits out a list
                          > of files
                          > names??? Thanks Ian.
                          > ---- Steve
                          >

                          =====
                          Regards -

                          Andrew Rosen
                          ASR Data Acquisition & Analysis, LLC - Austin, Texas




                          __________________________________
                          Do you Yahoo!?
                          Friends. Fun. Try the all-new Yahoo! Messenger.
                          http://messenger.yahoo.com/
                        • Altheide, Cory B. (IARC)
                          ... ... Thanks for the extended info, but searching through the GNU grep changelog yields the following: 1998-08-18 Paul Eggert Add support for new -r or
                          Message 12 of 24 , Jun 4, 2004
                          • 0 Attachment
                            > -----Original Message-----
                            > From: Gary Funck [mailto:gary@...]
                            >
                            > > -----Original Message-----
                            > > From: Altheide, Cory B. (IARC) [mailto:AltheideC@...]
                            > >
                            > > fgrep -lr --file=SEARCH_TERMS.txt
                            > /mounted/volume_or_imagefile >> \
                            > > /different/mounted/volume/HITLIST.txt
                            > >
                            >
                            > This is good, but depends upon the '-r' (recursive) option of
                            > (GNU) fgrep. If -r is supported, you're good to go.
                            >
                            > In older Linux's and on other Un*x's you might need to try
                            > something like:
                            >
                            > find /mounted/volume_or_imagefile -type f -print0 \
                            > | xargs -0 fgrep -l -f SEARCH_TERMS.TXT \
                            > > /different/mounted/volume/HITLIST.txt
                            >
                            ...

                            Thanks for the extended info, but searching through the GNU grep changelog
                            yields the following:

                            1998-08-18 Paul Eggert

                            Add support for new -r or --recursive (or -d recurse or
                            --directories=recurse) option.

                            If your Linux forensics workstation is running a version of grep from 1998
                            you've got bigger problems to solve than "how do I list file names
                            containing search terms". ;)

                            -- Cory
                          • IanC
                            I just tried that Rich and for some reason it didn t work too well,, or at least I think it didn t. I did also just search for A: and of course got loads of
                            Message 13 of 24 , Jun 4, 2004
                            • 0 Attachment
                              I just tried that Rich and for some reason it didn't work too well,, or at
                              least I think it didn't. I did also just search for A:\ and of course got
                              loads of hits but can see what are personal files that must have hit or been
                              on A:\ and what are installation info for programs etc. Comparing those good
                              results with the .lnk files there appears to be a load of .lnk files
                              missing.

                              This could be caused by the files originally being upon a floppy then copied
                              to C:\ I guess,, but even some of them ain't on C:\ now (lots are not). Must
                              admit this is giving me a big headache & making my eyes go all skew-whiff.
                              I'm pleased it's Friday.

                              Thanks Rich


                              > what about the dates on the .LNK file - you should be able to
                              > find a .lnk for that file to the a: drive.
                              > Maybe that could help....
                              >
                              > Rich Thompson
                              >
                              >
                              > --- IanC <saladin@...> wrote:
                              > > I don't suppose there is an easy way to figure out if someone saved
                              > > 'what files' to a floppy on a particular day, or days?
                              > >
                              > > System is Win98
                              > >
                              > > Most all files were tampered with by the company tech
                              > peoples so date
                              > > stamps are almost useless. (I'm hoping for some log
                              > transferring to A:
                              > > as he had a bundle of clean floppies on his desk and they depleted
                              > > over a week).
                              > >
                              > >
                              > > Is that possible at all?
                              > >
                              > >
                              > >
                              > >
                              > >
                              > >
                              > >
                              > >
                              >
                              >
                              >
                              > ------------------------ Yahoo! Groups Sponsor
                              > --------------------~--> Make a clean sweep of pop-up ads.
                              > Yahoo! Companion Toolbar.
                              > Now with Pop-Up Blocker. Get it for free!
                              > http://us.click.yahoo.com/L5YrjA/eSIIAA/yQLSAA/M4xqlB/TM
                              > --------------------------------------------------------------
                              > ------~->
                              >
                              >
                              > Yahoo! Groups Links
                              >
                              >
                              >
                              >
                              >
                            • Rich Thompson
                              OK... How about the Recent Docs list, should be in the registry (I think the key is something like MRU). If it was on the C then saved to the then it might be
                              Message 14 of 24 , Jun 4, 2004
                              • 0 Attachment
                                OK...

                                How about the Recent Docs list, should be in the
                                registry (I think the key is something like MRU). If
                                it was on the C then saved to the then it might be in
                                the recent docs list - or a back-up list kept with the
                                registry.

                                Try that.....

                                I'll keep thinking!

                                Rich


                                --- IanC <saladin@...> wrote:
                                > I just tried that Rich and for some reason it didn't
                                > work too well,, or at
                                > least I think it didn't. I did also just search for
                                > A:\ and of course got
                                > loads of hits but can see what are personal files
                                > that must have hit or been
                                > on A:\ and what are installation info for programs
                                > etc. Comparing those good
                                > results with the .lnk files there appears to be a
                                > load of .lnk files
                                > missing.
                                >
                                > This could be caused by the files originally being
                                > upon a floppy then copied
                                > to C:\ I guess,, but even some of them ain't on C:\
                                > now (lots are not). Must
                                > admit this is giving me a big headache & making my
                                > eyes go all skew-whiff.
                                > I'm pleased it's Friday.
                                >
                                > Thanks Rich
                                >
                                >
                                > > what about the dates on the .LNK file - you should
                                > be able to
                                > > find a .lnk for that file to the a: drive.
                                > > Maybe that could help....
                                > >
                                > > Rich Thompson
                                > >
                                > >
                                > > --- IanC <saladin@...> wrote:
                                > > > I don't suppose there is an easy way to figure
                                > out if someone saved
                                > > > 'what files' to a floppy on a particular day, or
                                > days?
                                > > >
                                > > > System is Win98
                                > > >
                                > > > Most all files were tampered with by the company
                                > tech
                                > > peoples so date
                                > > > stamps are almost useless. (I'm hoping for some
                                > log
                                > > transferring to A:
                                > > > as he had a bundle of clean floppies on his desk
                                > and they depleted
                                > > > over a week).
                                > > >
                                > > >
                                > > > Is that possible at all?
                                > > >
                                > > >
                                > > >
                                > > >
                                > > >
                                > > >
                                > > >
                                > > >
                                > >
                                > >
                                > >
                                > > ------------------------ Yahoo! Groups Sponsor
                                > > --------------------~--> Make a clean sweep of
                                > pop-up ads.
                                > > Yahoo! Companion Toolbar.
                                > > Now with Pop-Up Blocker. Get it for free!
                                > >
                                >
                                http://us.click.yahoo.com/L5YrjA/eSIIAA/yQLSAA/M4xqlB/TM
                                > >
                                >
                                --------------------------------------------------------------
                                > > ------~->
                                > >
                                > >
                                > > Yahoo! Groups Links
                                > >
                                > >
                                > >
                                > >
                                > >
                                >
                                >
                              • Gary Funck
                                ... [...] ... True. :) But sometimes you ll be called into an existing installation, which runs some combination of older systems and software and you won t be
                                Message 15 of 24 , Jun 4, 2004
                                • 0 Attachment
                                  > -----Original Message-----
                                  > From: Altheide, Cory B. (IARC) [mailto:AltheideC@...]
                                  > Sent: Friday, June 04, 2004 9:17 AM
                                  [...]
                                  >
                                  > Thanks for the extended info, but searching through the GNU grep changelog
                                  > yields the following:
                                  >
                                  > 1998-08-18 Paul Eggert
                                  >
                                  > Add support for new -r or --recursive (or -d recurse or
                                  > --directories=recurse) option.
                                  >
                                  > If your Linux forensics workstation is running a version of grep from 1998
                                  > you've got bigger problems to solve than "how do I list file names
                                  > containing search terms". ;)
                                  >

                                  True. :) But sometimes you'll be called into an existing installation,
                                  which runs some combination of older systems and software and you won't
                                  be at liberty to bring, or to use, your own tools. In that case, it is
                                  worth knowing the old way to work around limitations in the older tools.

                                  And an additional consideration not mentioned in my previous note,
                                  when using grep ... fgrep patterns
                                  don't cross line boundaries, so if you're looking for "four score and
                                  twenty years", and there's a line break just before the word "twenty",
                                  fgrep won't find the match. Similarly, matchs on HTML encoded text will
                                  be problematic.
                                • IanC
                                  Thanks Rich,, Most all files though were opened by the company tech peoples and it is this which is causing me the headaches (them changing everything). The
                                  Message 16 of 24 , Jun 4, 2004
                                  • 0 Attachment
                                    Thanks Rich,,
                                    Most all files though were opened by the company tech peoples and it is this
                                    which is causing me the headaches (them changing everything). The Recent
                                    Docs list shows what they looked at.

                                    "I'll keep thinking!"

                                    Thanks...
                                    I've got to the thinking about getting my gun & shooting the drive,, or the
                                    alleged tech guys! :-)




                                    > OK...
                                    >
                                    > How about the Recent Docs list, should be in the registry (I
                                    > think the key is something like MRU). If it was on the C
                                    > then saved to the then it might be in the recent docs list -
                                    > or a back-up list kept with the registry.
                                    >
                                    > Try that.....
                                    >
                                    > I'll keep thinking!
                                    >
                                    > Rich
                                    >
                                    >
                                    > --- IanC <saladin@...> wrote:
                                    > > I just tried that Rich and for some reason it didn't work
                                    > too well,,
                                    > > or at least I think it didn't. I did also just search for
                                    > A:\ and of
                                    > > course got loads of hits but can see what are personal
                                    > files that must
                                    > > have hit or been on A:\ and what are installation info for programs
                                    > > etc. Comparing those good results with the .lnk files there
                                    > appears to
                                    > > be a load of .lnk files missing.
                                    > >
                                    > > This could be caused by the files originally being upon a
                                    > floppy then
                                    > > copied to C:\ I guess,, but even some of them ain't on C:\
                                    > now (lots
                                    > > are not). Must admit this is giving me a big headache &
                                    > making my eyes
                                    > > go all skew-whiff.
                                    > > I'm pleased it's Friday.
                                    > >
                                    > > Thanks Rich
                                    > >
                                    > >
                                    > > > what about the dates on the .LNK file - you should
                                    > > be able to
                                    > > > find a .lnk for that file to the a: drive.
                                    > > > Maybe that could help....
                                    > > >
                                    > > > Rich Thompson
                                    > > >
                                    > > >
                                    > > > --- IanC <saladin@...> wrote:
                                    > > > > I don't suppose there is an easy way to figure
                                    > > out if someone saved
                                    > > > > 'what files' to a floppy on a particular day, or
                                    > > days?
                                    > > > >
                                    > > > > System is Win98
                                    > > > >
                                    > > > > Most all files were tampered with by the company
                                    > > tech
                                    > > > peoples so date
                                    > > > > stamps are almost useless. (I'm hoping for some
                                    > > log
                                    > > > transferring to A:
                                    > > > > as he had a bundle of clean floppies on his desk
                                    > > and they depleted
                                    > > > > over a week).
                                    > > > >
                                    > > > >
                                    > > > > Is that possible at all?
                                    > > > >
                                    > > > >
                                    > > > >
                                    > > > >
                                    > > > >
                                    > > > >
                                    > > > >
                                    > > > >
                                    > > >
                                    > > >
                                    > > >
                                    > > > ------------------------ Yahoo! Groups Sponsor
                                    > > > --------------------~--> Make a clean sweep of
                                    > > pop-up ads.
                                    > > > Yahoo! Companion Toolbar.
                                    > > > Now with Pop-Up Blocker. Get it for free!
                                    > > >
                                    > >
                                    > http://us.click.yahoo.com/L5YrjA/eSIIAA/yQLSAA/M4xqlB/TM
                                    > > >
                                    > >
                                    > --------------------------------------------------------------
                                    > > > ------~->
                                    > > >
                                    > > >
                                    > > > Yahoo! Groups Links
                                    > > >
                                    > > >
                                    > > >
                                    > > >
                                    > > >
                                    > >
                                    > >
                                    >
                                    >
                                    >
                                    > ------------------------ Yahoo! Groups Sponsor
                                    > --------------------~--> Make a clean sweep of pop-up ads.
                                    > Yahoo! Companion Toolbar.
                                    > Now with Pop-Up Blocker. Get it for free!
                                    > http://us.click.yahoo.com/L5YrjA/eSIIAA/yQLSAA/M4xqlB/TM
                                    > --------------------------------------------------------------
                                    > ------~->
                                    >
                                    >
                                    > Yahoo! Groups Links
                                    >
                                    >
                                    >
                                    >
                                    >
                                    >
                                  • IanC
                                    Can someone explain in basic terms what the difference is between Data CD s & Music CD s and if there is a big difference why that is?
                                    Message 17 of 24 , Jun 5, 2004
                                    • 0 Attachment
                                      Can someone explain in basic terms what the difference is between Data CD's
                                      & Music CD's and if there is a big difference why that is?
                                    • Gary Funck
                                      ... [...] ... http://www.cdrfaq.org/faq07.html#S7-17 Subject: [7-17] What s the difference between data and music blanks? (2003/01/13) Consumer
                                      Message 18 of 24 , Jun 5, 2004
                                      • 0 Attachment
                                        > -----Original Message-----
                                        > From: IanC [mailto:saladin@...]
                                        > Sent: Saturday, June 05, 2004 2:40 PM
                                        [...]
                                        >
                                        > Can someone explain in basic terms what the difference is between
                                        > Data CD's
                                        > & Music CD's and if there is a big difference why that is?
                                        >

                                        http://www.cdrfaq.org/faq07.html#S7-17

                                        Subject: [7-17] What's the difference between "data" and "music" blanks?
                                        (2003/01/13)
                                        "Consumer" stand-alone audio CD recorders require special blanks. See
                                        section (5-12) for details. There is no difference in quality or composition
                                        between "data" blanks and "music" blanks, except for a flag that indicates
                                        which one it is. It's likely that "music" blanks are optimized for recording
                                        at 1x, since anything you record "live" is by definition recorded at 1x
                                        (though some dual-drive systems allow track copying at higher speeds).

                                        You don't have to use "music" blanks to record music on a computer or on a
                                        "professional" stand-alone audio CD recorder. Nothing will prevent you from
                                        doing so, but there's no advantage to it.

                                        The "music" blanks are more expensive than the "data" blanks because a
                                        portion of the price goes to the music industry. The specifics vary from
                                        country to country. In the USA, the money goes to the RIAA, which
                                        distributes it to artists who have navigated through a complicated
                                        application process.

                                        Some manufacturers have on occasion marked low-quality data discs as being
                                        "for music", on the assumption that small errors will go unnoticed. Make
                                        sure that, if you need the special blanks, you're getting the right thing.

                                        (Technically, there are actually three kinds of blanks: type 1a for CD-ROM
                                        or professional audio recording, type 1b for special-purpose applications
                                        like PhotoCD, and type 2 for unrestricted use. "Music" blanks are type 2,
                                        "data" blanks are type 1a.)

                                        Some disc manufacturers label "music" blanks as "universal use", since they
                                        will work on anything.
                                      • Steve Fowler
                                        Ian - The primary diff is one of primary colors: *yellow book* is for data, *red book* is for music!! ;-) Try this link for an educational synopsis:
                                        Message 19 of 24 , Jun 7, 2004
                                        • 0 Attachment
                                          Ian -
                                          The primary diff is one of primary colors: *yellow book* is for
                                          data, *red book* is for music!! ;-)
                                          Try this link for an educational synopsis:

                                          http://www.disctronics.co.uk/technology/cdbasics/cd_intro.htm

                                          Steve
                                          ===========
                                          At 02:39 PM 6/5/04, you wrote:
                                          >Can someone explain in basic terms what the difference is between Data CD's
                                          >& Music CD's and if there is a big difference why that is?
                                          >
                                          >
                                          >
                                          >
                                          >
                                          >
                                          >
                                          >
                                          >Yahoo! Groups Links
                                          >
                                          >
                                          >
                                          >
                                        • IanC
                                          I was in court today regarding this drive and those missing .lnk I mentioned below were caused because at one time the computer was networked through a
                                          Message 20 of 24 , Jun 9, 2004
                                          • 0 Attachment
                                            I was in court today regarding this drive and those missing '.lnk' I
                                            mentioned below were caused because at one time the computer was networked
                                            through a database application so those missing links were somewhere within
                                            the database but hidden in code,, and the actual 'important' files were on a
                                            different system.

                                            Today actually went very well and I sincerely appreciate your assistance
                                            Rich because (after you wrote) then me having missing links,, then hearing
                                            the system was once networked through a database, everything then was easy
                                            to understand and follow a trail with.

                                            Thanks mate..


                                            > -----Original Message-----
                                            > From: IanC [mailto:saladin@...]
                                            > Sent: Friday, June 04, 2004 1:26 PM
                                            > To: linux_forensics@yahoogroups.com
                                            > Subject: RE: [linux_forensics] Saved to A:
                                            >
                                            > I just tried that Rich and for some reason it didn't work too
                                            > well,, or at least I think it didn't. I did also just search
                                            > for A:\ and of course got loads of hits but can see what are
                                            > personal files that must have hit or been on A:\ and what are
                                            > installation info for programs etc. Comparing those good
                                            > results with the .lnk files there appears to be a load of
                                            > .lnk files missing.
                                            >
                                            > This could be caused by the files originally being upon a
                                            > floppy then copied to C:\ I guess,, but even some of them
                                            > ain't on C:\ now (lots are not). Must admit this is giving me
                                            > a big headache & making my eyes go all skew-whiff.
                                            > I'm pleased it's Friday.
                                            >
                                            > Thanks Rich
                                            >
                                            >
                                            > > what about the dates on the .LNK file - you should be able
                                            > to find a
                                            > > .lnk for that file to the a: drive.
                                            > > Maybe that could help....
                                            > >
                                            > > Rich Thompson
                                            > >
                                            > >
                                            > > --- IanC <saladin@...> wrote:
                                            > > > I don't suppose there is an easy way to figure out if
                                            > someone saved
                                            > > > 'what files' to a floppy on a particular day, or days?
                                            > > >
                                            > > > System is Win98
                                            > > >
                                            > > > Most all files were tampered with by the company tech
                                            > > peoples so date
                                            > > > stamps are almost useless. (I'm hoping for some log
                                            > > transferring to A:
                                            > > > as he had a bundle of clean floppies on his desk and they
                                            > depleted
                                            > > > over a week).
                                            > > >
                                            > > >
                                            > > > Is that possible at all?
                                          • Rich Thompson
                                            Anytime! I m glad it went well. Rich
                                            Message 21 of 24 , Jun 10, 2004
                                            • 0 Attachment
                                              Anytime! I'm glad it went well.

                                              Rich

                                              --- IanC <saladin@...> wrote:
                                              > I was in court today regarding this drive and those
                                              > missing '.lnk' I
                                              > mentioned below were caused because at one time the
                                              > computer was networked
                                              > through a database application so those missing
                                              > links were somewhere within
                                              > the database but hidden in code,, and the actual
                                              > 'important' files were on a
                                              > different system.
                                              >
                                              > Today actually went very well and I sincerely
                                              > appreciate your assistance
                                              > Rich because (after you wrote) then me having
                                              > missing links,, then hearing
                                              > the system was once networked through a database,
                                              > everything then was easy
                                              > to understand and follow a trail with.
                                              >
                                              > Thanks mate..
                                              >
                                              >
                                              > > -----Original Message-----
                                              > > From: IanC [mailto:saladin@...]
                                              > > Sent: Friday, June 04, 2004 1:26 PM
                                              > > To: linux_forensics@yahoogroups.com
                                              > > Subject: RE: [linux_forensics] Saved to A:
                                              > >
                                              > > I just tried that Rich and for some reason it
                                              > didn't work too
                                              > > well,, or at least I think it didn't. I did also
                                              > just search
                                              > > for A:\ and of course got loads of hits but can
                                              > see what are
                                              > > personal files that must have hit or been on A:\
                                              > and what are
                                              > > installation info for programs etc. Comparing
                                              > those good
                                              > > results with the .lnk files there appears to be a
                                              > load of
                                              > > .lnk files missing.
                                              > >
                                              > > This could be caused by the files originally being
                                              > upon a
                                              > > floppy then copied to C:\ I guess,, but even some
                                              > of them
                                              > > ain't on C:\ now (lots are not). Must admit this
                                              > is giving me
                                              > > a big headache & making my eyes go all skew-whiff.
                                              > > I'm pleased it's Friday.
                                              > >
                                              > > Thanks Rich
                                              > >
                                              > >
                                              > > > what about the dates on the .LNK file - you
                                              > should be able
                                              > > to find a
                                              > > > .lnk for that file to the a: drive.
                                              > > > Maybe that could help....
                                              > > >
                                              > > > Rich Thompson
                                              > > >
                                              > > >
                                              > > > --- IanC <saladin@...> wrote:
                                              > > > > I don't suppose there is an easy way to figure
                                              > out if
                                              > > someone saved
                                              > > > > 'what files' to a floppy on a particular day,
                                              > or days?
                                              > > > >
                                              > > > > System is Win98
                                              > > > >
                                              > > > > Most all files were tampered with by the
                                              > company tech
                                              > > > peoples so date
                                              > > > > stamps are almost useless. (I'm hoping for
                                              > some log
                                              > > > transferring to A:
                                              > > > > as he had a bundle of clean floppies on his
                                              > desk and they
                                              > > depleted
                                              > > > > over a week).
                                              > > > >
                                              > > > >
                                              > > > > Is that possible at all?
                                              >
                                              >
                                            Your message has been successfully submitted and would be delivered to recipients shortly.