Everything posted by jaclaz

  1. It must have been a loong time ago that you were in college, like yesteryear. Sure a flash drive has several other parts besides the memory, but you can use a micro SD card reader (like some of the mentioned USB sticks actually are), this way the recordable media is "the same" (and detachable) as the one in your handy or camera. Laughing at 4 Gb is actually making me laugh, when they came out for the first time (like a year or so) a common USB stick was 64 to 128 Mb and a 512 Mb was "luxury". jaclaz
  2. Well, the first thing that you should do is to make a "dd-like" or "forensic sound" image of the physicaldrive. You can use dd or ddrescue or dd_rescue in Linux or datarescue dd or dsfok under windows: http://www.datarescue.com/photorescue/v3/drdd.htm http://members.ozemail.com.au/~nulifetv/freezip/freeware/ to that effect. Once you have an image, ideally you make a copy of this image and start working on this latter. In any case, you can run again TESTDISK on the stick with the LOG option and post the log. That should be enough to understand at least what might have happened (there are a number of issues that might have happened, including hardware failure). No offence intended, but you seem like not very "exact" in your report, and a TESTDISK log may provide the information that you either missed or mis-represented. In addition I would like you to post some "descriptions", like what exact make/model the stick is, how exactly it was partitioned (IF partitioned) which filesystem(s) were used, which kind of files you had on it that you value (as an example even without managing to recover the actual volume structure it may be possible to recover some files through direct carving with PHOTOREC or similar), etc. The more details you provide, the more likely it is that a suggestion would be appropriate. jaclaz
  3. You might like it or not, but usually there is CTRL+SHIFT+U and then keeping pressed the CTRL+SHIFT digit the Unicode 4 character ordinal of the character. http://en.wikipedia.org/wiki/Unicode_input jaclaz
  4. Well you are assuming that ALL EFI/UEFI are the same (they are not). As a matter of fact there are now MORE different EFI/UEFI interfaces than stars in the sky. With BIOSes, there were three or four "providers" and each PC maker made mostly "little changes"; with EFI/UEFI each motherboard manufacturer seems to have his own way (slightly or very) different from all the others. Which exact PC/Motherboard are you dealing with? jaclaz
  5. Naah, not only it is the usual FUD, but taking a "plain" full, complete forensic image of the disk would take - say - at the most 4 hours and even if the GI guys made a chipoff or similar physical extraction of RAM and ROM/EPROM (why?). Translation: They simply wanted to harass the user and/or it was so low priority that it went at the end of the backlog, or rectius, the PC was ready after a few hours but was sent back only when it was asked for. The green are facts, the red pure speculation: The guy asked it back after seven weeks, and got it back the day after. As a side note: Yeah, sure, you can trust on their word that the CIA guys (or NSA or the military or whomever) have fully obeyed and destroyed each and every file and each and every copy they made of them. If they do have a list of all Manning Support Network donors, surely it comes from some other source. Now, if I had a PC of mine seized and then returned to me by the Feds (and if I was suspected to be involved in something like the Manning case) I would look for a keylogger placed in it while they had it in their possession, or - safer, wipe it and either destroy it or sell it on e-bay the very day after I got it back, but that's another story. jaclaz
  6. Sure. I was talking of work, not play. In 1994 if not the very top, a near the top hard disk was 2.1 Gb (and SCSI), the average disk was 300 Mb to 1 Gb: http://en.wikipedia.org/wiki/File:Hard_drive_capacity_over_time.png The Quantum Fireball was the first "common" disk with a capacity over 1 GB, if I recall correctly, and that was already 1995, and everyone, or almost anyone upgraded to Windows 95 and DOS 7.0. jaclaz
  7. There are several programs that you can attempt using. A couple: Avidemux http://www.videohelp.com/tools/AviDemux Virtualdub: http://www.virtualdub.org/ you will need a plugin for .mov: http://www.donsalva.com/2011/07/03/how-to-use-mkv-mp4-flv-mov-and-other-file-formats-with-virtualdub Or even Defraser: http://sourceforge.net/projects/defraser/ Which one (if any) might work "better" (or "at all") is not possible to say in advance, when you are trying to recover "complex formats" it is mostly a "hit and miss" game. Before that, I would anyway have a "second opinion" by using Photorec: http://www.cgsecurity.org/wiki/PhotoRec and a "third opinion" using DMDE: http://dmde.com/ to recover those .mov files, it is very possible that the result will be similar or identical to what you managed to get with Testdisk, but you never know. jaclaz
  8. Allow me to doubt that about having "IDE compatibility mode" vs. AHCI. IF the disk does have NCQ, then the difference can be noticeable: http://www.msfn.org/board/topic/126658-ahci-performance-question/ http://www.msfn.org/board/topic/120444-how-to-install-windows-from-usb-winsetupfromusb-with-gui/?p=884409 jaclaz
  9. Naah, what is needed apparently is the use of the Windows "original" MBR CODE in order to have bitlocker and/or TCPA working, the "boot" partition has nothing to do with that. See: http://reboot.pro/topic/4476-mbr-and-os-independence/ and BACK to: http://www.multibooters.co.uk/mbr.html jaclaz
  10. jaclaz

    Win8PE SE

    Well, THEN, the link to http://www.msfn.org/board/topic/156869-get-waik-tools-wo-downloading-the-huge-isos/ is enough. Come on ... Anyway, those were just ideas, if it is possible to avoid the *need* of the otherwise excellent tool by JFX (please read as avoiding completely the use of MS tools from WAIK/ADK) it would be - as I see it - a step forward. jaclaz
  11. jaclaz

    Win8PE SE

    @Chris JFYI, and of course if you are into experimenting, you can get rid of DISM too. There is a brand new wimlib that is working exceptionally well: http://reboot.pro/topic/18345-wimlib-with-imagex-implementation/ http://sourceforge.net/projects/wimlib (though at the moment it is not clear if it's -yet- compatible with latest 8.1 RTM that has seemingly changed *something* in the .wim) jaclaz
  12. Sure, check "essence": http://dictionary.reference.com/browse/essence The comment was following of initial suggestion, only aimed to highlight how the *need* for .Net and/or .Net 4 was highly debatable. To continue on the same path - with - let this be clear - no offence whatever intended to the actual Author of the nice Granite tool, this would more or less add a line to the batch using SECEDIT (or as you pointed out, some sequence of SETACL or similar tools): http://www.robvanderwoude.com/secedit.php There is nothing "bad" of course in using any language or environment but simple things should IMHO be made as simply as possible (but not more), particularly if there is a scope into making the thingy "portable". jaclaz
  13. jaclaz

    Win8PE SE

    If I may and JFYI, there is a "perfect" replacement for Robocopy in strarc (by the good Olof Lagerkvist): http://www.ltr-data.se/opencode.html/ http://www.ltr-data.se/files/strarc.txt jaclaz
  14. Besides the fact that it can be cracked, the original idea is deeply flawed and the sheer numbers are pure bul*****. How long is the sequence of gestures? 3 <- please understand how the mere fact that it is "fixed length" of 3 is already a useful info for "cracking". How many different gestures can you make? According to the math, around 1050. 1050^3=1,157,625,000 How long a password needs to be to reach the same complexity? ALL CAPS -> a 7 character password gives 8 times that 26^7=8,031,810,176 All alpha -> a 6 character password gives 19 times that 52^6=19,770,609,664 Alphanumeric -> a 5 character password gives roughly the same 62^5=916,132,832 All printable -> a 5 character password gives 7 times that 95^5=7,737,809,375 Please notice the exclamation mark on the original article @Neowin: http://www.neowin.net/news/the-math-behind-windows-8039s-picture-passwords I mean, WOW! 1,155,509,083 passwords! We are free from all evil! jaclaz
  15. So, basically, the essence of the program can be reproduced in two lines in batch: http://abhisheksur.wordpress.com/2007/05/17/protecting-a-folder-in-windows-xp/ jaclaz
  16. Good, now it is much clearer, thanks. I would throw on the table - in passing by - the additional use of an invalid folder name, which may add some "protection". http://www.msfn.org/board/topic/131103-win-ntbt-can-be-omitted/ http://www.msfn.org/board/topic/131103-win-ntbt-can-be-omitted/?p=842843 jaclaz
  17. Good. It is very possible that the *whatever* issue was localized to the FAT structure and to the few .mov files that you found corrupted. If they are important there are ways/tools to attempt recovering them "partially" (i.e. losing the corrupted part(s) but recovering the "before" and "after" them). jaclaz
  18. The log has nothing particularly "preoccupying" in it and, more than that you should know that there is in no way "a one shot". Your next step, BEFORE anything else should be that of making a "dd-like" or "forensic sound" image of that card. Then the recovery should be attempted (ideally) on a further copy of that image. Suitable tools to make the image are dsfo (part of the DSFOK toolkit) if you are OK with command line or Datarescuedd (GUI) or CloneDisk (GUI): http://members.ozemail.com.au/~nulifetv/freezip/freeware/ http://www.datarescue.com/photorescue/v3/drdd.htm http://labalec.fr/erwan/?page_id=42 jaclaz
  19. The equivalent to hardlinks/junctions on NTFS are possible on CD/DVD, whether they are applicable/useful in your "project" (or if other "tricks" can be used) is hard to say without more (many more) details about your "project". jaclaz
  20. That "system" partition (which is actually a boot partition, but MS got it the other way round), see here: http://www.multibooters.co.uk/system.html is created by the Windows 7 install ONLY if the disk is not already partitioned/formatted. jaclaz
  21. I have a suggestion, but you won't like it. You simply cannot use "portable" and ".Net Framework" in the same page, particularly when together with "4 or higher". Apart from the above, which is of course due to my allergy to .Net (let alone 4.0 or higher), I am sure that a few words explaining what the software does and what advantage/differences it features when compared to other similar solutions would be greatly useful. jaclaz
  22. If I may, something that anyone ever using batches or command line should really have on his/her system is Nirsoft Nircmd, which among the n useful features has also those needed to maximize/minimize/hide/whatever: http://www.nirsoft.net/utils/nircmd.html However the "mystery of the vanished thread" still remains. jaclaz
  23. Just for the record, the idea is not entirely "new" (prank with displays): http://reboot.pro/topic/17676-elevator-prank/ jaclaz
  24. Hey JorgeA, you missed this one: http://www.dailymail.co.uk/sciencetech/article-2408751/The-spy-device-really-undercover-Vest-scans-nearby-mobiles-track-steal-owners-personal-details.html Courtesy of Trewmte on Forensic Focus: http://www.forensicfocus.com/Forums/viewtopic/t=10966/ jaclaz
  25. Well, in the case of Tripredacus, the numbers are hex numbers with a given (four characters format), and thus even in a number of apps/tools (as an example a spreadsheet) may be interpreted alternatively as "text" or as numbers, in his example "considering them as text" is actually "good" and corresponds to "proper" hex number ordering. Examples: 1111 <- this is both a valid decimal number AND a valid "fixed format" hex number AND text 111A <- this is NOT a valid decimal number BUT a valid "fixed format" hex number AND text AAAA <- this is NOT a valid decimal number BUT a valid "fixed format" hex number AND text So, the way of sorting them as in the screenshot posted is actually not only "natural", but the only "logical" one. jaclaz