jaclaz

I would add that a PS/2 IBM model M, which is otherwise a nice thing to have , won't help . jaclaz

As if we had not enough apps that worked alright for years and then - because they "phone home" - started to stop working because the Author (or Software House) changed business/closed the site/whatever. Imagine all the proprietors of SAAB's having their car stop going because the manufacturer went default: http://www.autoindustryinsider.com/?p=2004 And if it continues like this it is not completely unlikely that the good MS guys will close operations of a "line", or "department" or of the whole thing. Imagine that the new CEO (when Ballmer will be replaced) will decide that MS needs to concentrate on it's "core business" (and let's say that it will close or sell the Phone and Games sections) what will happen? Going "live" and "on the cloud" might be the third best thing after ice cream and sliced bread, but definitely it is THE LEAST "future proof" (I tend to believe that "future proof" means "lasting in working conditions"). But let's make a much more practical and common enough example. Imagine that you are a gamer and an internet user. Your phone line gets cut on friday at 17:00 PM (struck by lightning ). Your telephonce company/ISP provider contact guarantees you a intervention within 72 hours. You are left saturday and sunday with no email, no internets, no youtube (yes you live in a place not covered by cellular network or you have alredy used your monthly Gb allotment) You decide to play a few games on your console.... What will you do first thing Monday? Go and buy a good console that needs NO §@ç#ing phoning home Go and buy a good console that needs NO §@ç#ing phoning home AND tell everyone how much the MS thingy sucks Go and buy a good console that needs NO §@ç#ing phoning home AND tell everyone how much the MS thingy sucks AND sell the old one and it's games (hey, wait, you CANNOT do that! you can only tell everyone how it sucks ADDITIONALLY) Please choose one . jaclaz

What they are looking for looks VERY similar to this: http://www.w3.org/History/19921103-hypertext/hypertext/WWW/TheProject.html (which is the 1992 version) And this is the 1991 version (that Jones has preserved on ibiblio): http://first-website.web.cern.ch/blog/1991-web-page-found-password-lost http://www.ibiblio.org/pjones/old.page.html jaclaz

Just for the record, and to clarify, jaclaz never actually proposed a flash drive, he provided two possibilities: using grub4dos to boot a floppy image (without specifying where the grub4dos and the floppy image should reside, it could well be the hard disk - and as well a flash drive, a second hard disk a ZIP or a CF card) using alternatively an El-Torito emulation bootable CD The whole point is/was that a floppy image loaded by grub4dos or by the BIOS El-torito emulation for the CD is to all effects and "from DOS" a floppy, and suitable to flash a BIOS. jaclaz

Ah well, then a lot of people have used them vainly all these years. What about defragging it? I would say that that depends on the storage subsystem, I had the impression that the time needed to load a file from disk was dependent on it's size and on the speed of data transfer the actual device/bus can provide. jaclaz

ALL of them? What is the alternative, cleaning a Registry by hand? Old related threads: http://www.msfn.org/board//index.php?act=ST&f=19&t=111078 http://www.msfn.org/board//index.php?act=ST&f=19&t=68677 jaclaz

Well for the record - and to be more exact, the sense of the board is to exchange idea, info and help each other , WHILST the scope of this particular thread is ONLY about solving the BSY and/or LBA error on 7200.11 drives and NOT "I botched my drive with a wrong firmware, please help?" and NOT "I have different firmware upgrades and I cannot understand why?". This part has been hopefully, but evidently vainly, expressed in the READ ME FIRST (the thing noone reads first ): jaclaz

Not really , on a board, UNLIKE what you normally use, there are QUOTE tags that EVERYONE uses to quote someone else, and double quotes are used to mean " between quotes" (either single or double). Question , when you make gesture "between quotes" do you use just your index (or middle ) finger or both of them? http://en.wikipedia.org/wiki/Air_quotes Now, if you would be so kind to learn how to use the board software properly and along the conventions everyone else uses, I am sure your posts would be much more readable . jaclaz

I wonder HOW you can know that. and how you know this: jaclaz

Sure , I also don't think that there will be one, but you will have to concur that the label in the picture of the thread here is "confusing": http://forum.hddguru.com/viewtopic.php?f=1&t=25629 Model: ST1000LM024 <- anything beginning ST should mean "Seagate Technology" HDD p/n: HN-M101MBB/AVN <- this is a Samsung model On the left: Samsung Spinpoint On the right: Momentus ® <- name traditionally connected with Seagate families of drives Below: Hard Disk drive Rated: DC +5V 0.85 A Seagate Technology LLC Further below: HDD Mfg by Seagate Technology LLC And below again: KCC-REM-STX-Momentus-B Without quite a bit of patience and research it seems like a mad typographer prepared the label. And if you find the datasheet it makes nothing to clear the matter: http://www.seagate.com/files/staticfiles/support/docs/samsung-ds/100698122c.pdf they still seem like two distinct models... But yes I think they are little by little completely removing anything with "Samsung" from their products labeling and datasheets. About RAID, you should normally do raids with SCSI disks (or with SAS ones). (and yes that means $$$$ ) For a good RAID setup, it is logical to have "intelligent" controllers and "dumb" (but fastish and reliable) disks. If you have a bunch of "intelligent" disks, they may *somehow* fight with the controller (and often they do that). jaclaz

Two modems won't normally work without a telephone line, but it is possible to "fake" one . There are a couple related threads here: jaclaz

Define "decent". However : http://www.forensicfocus.com/Forums/viewtopic/t=10557/ In theory they all work alright . Please check attentively the signature I have on Forensic Focus . jaclaz

Yep , and with the motherboards where the chip is soldered is evidently a much more complex thing to do. BTW it of course depends, but it seems like the "boot-block" (in those chips that do have it) is the same (i.e. it is not "model specific") which can enlarge the choice of possible candidate "donours". jaclaz

I have never done this, but in case I do, how do you fix something like this? You miss this reference : jaclaz

Not really, as a matter of fact you have it right : a WinFE ("sterile forensics PE") or Linux Live Forensic distro ("sterile forensics Linux") can still have (as an example) direct access to a hard disk (and both R/W) so you can use them to dig big holes in your filesystems alright, and you would find NO TRACES of what made those "holes" as much as you won't find any bacteria in your real life case. It's the OS (and it's mechanisms) that do not write to the filesystem or to the device (because it is not mounted and/or offline). Imagine to use DOS (booted from a floppy) on a PC with a single partition formatted as NTFS (and without having any third party tool capable of reading NTFS in the DOS floppy). Such a floppy won't do any changes to the hard disk (because DOS is a good, simple, non-multitasking OS without a few tens of mostly unuseful services or daemons runnning in the background, largely undocumented and doing *anything* by their free will ) but also it won't do any changes to the NTFS filesystem/partition, because additionally it doesn't know anything about that filesystem AND it has been designed to consider a (not so casually called properly "protective") partition ID in the MBR as "non plus ultra" or "hic sunt leones". Still, you can use (say) DEBUG to write to the disk alright or use FDISK to remove the "HPFS/NTFS partition". Now imagine the other way round, you draw from the scrapyard an old (DOS only) 386 machine, and it's hard disk that never "saw" a NT based OS. As soon as the hard disk is connected to a new machine running *any* Nt based OS or PE, a disk signature will be written to the MBR. Though this is not a real issue for "substantial" forensics (it is only four bytes, it is not like it creates out of thin air a compromising chat message or a an illegal picture ) it is enough to invalidate the MD5 (or other hash) of the whole disk, enough for a clever lawyer to raise an issue about the managing of the evidence. As soon as the filesystem is mounted, Windows may decide to create new artifacts in the filesystem, or change file access date, theoretically allowing to overwrite some potentially accusing or exculpatory data, this is not acceptable even in "substantial" forensics. No actual surprise that many digital forensic professionals prefer to ONLY use write blockers to connect hard disks for imaging (though even write blockers have been, at least in one occasion, found to be not write blocking properly). jaclaz

Sure, I guess that there are some misunderstandings. As I see it: The OP wrote: Both PROBLEMCHYLD and myself provided possible alternatives to a "real" floppy drive. Nothing more, nothing less. buyerninety raised some doubts on the suggestion I provided and I tried to tell him how his doubts were IMHO not justified/backed up, then he insisted with his doubts and I tried again to explain in more detail why IMHO they were not really an issue. submix8c (who is still shocked by the nice doorholders he made out of a couple of his Dells ) provided some further ranting about updating BIOS under Windows (that was never discussed/mentioned/implied before). Everything seems to me cool enough B) , only some OT has sprung by magic out of the blue (it happens all the time, nothing to worry about ). jaclaz

Who knows? I really have NO idea what you are talking about. Last time I checked it the DOS utility to upgrade the firmware (which is also the ONLY safe way to update it) had no "menu", let alone a "Download data option" in it. jaclaz

I will try again to disambiguate (or at least find a common dictionary , I will readily agree to disagree on *anything* , as long as the thing on which we disagree is clearly identified). You are seemingly confusing "volatile" (in the sense of "volatile environment" with "read only"). A "repair tool" may (or may not) be "volatile" but CANNOT be "read only". A "forensic sterile tool" may (or may not) be "volatile" but MUST be "read only". A repair tool even if "volatile" may well leave behind "traces", or change *something* on the "internal" PC's hard disk as you reported for ERD / DaRT and the link I provided about the WinPE 4.x that jtalbot35 reported. There is nothing "good" nor "bad" about it, it is simply the way a given tool behaves (by design or otherwise), someone using that tool should be aware of what is changed on the target system. A "forensic sterile tool" by definition, and no matter if "volatile" or not, needs to change NOTHING on the target. A "forensic sterile tool" is used for forensics. A "repair tool" is used for repairs. You can - generally speaking - use a "forensics" tool for "repairs" (by disabling the settings/filters/whatever that make it originally "sterile"). You can - generally speaking - use "repair" tool for "forensics" (by enabling the settings/filters/whatever in order to make it "sterile"). A windows based PE is ALWAYS (by definition) "volatile", it can be tweaked towards "forensics" (and thus made READ ONLY and "sterile"), or tweaked towards "repair" (and thus forfaiting the "sterile" and READ ONLY). A Linux Live is also (by definition) "volatile". Both a Windows PE and a Linux Live distro can be booted from CD/DVD (and the CD/DVD is NOT changed in any way="volatile") whether they will "leave traces" on the hard disk is another matter, which is very relevant for "forensics" but of little or no importance for "repairs". BTW you can have a "volatile" environment also with a "full" XP: which you can use for "repairs" but that you CANNOT for "forensics" (as it is evidently NOT "sterile"). ERD or MSDart are intended for "repairs" and they are "volatile" and they may well leave traces on the PC's hard disk. Your reply to joakim: May not be entirely true. Certain PE implementations like the earlier System Internals ERD and the later DaRT leave something, at least a folder and possibly some registry entry. I never did do a formal test of this so I am just guessing that it is a date/time/stamp tattoo. A proper audit should be done to see what if anything persists. A perfectly sterile forensic PE tool should leave nothing on the target system without prompting. seemed to imply that anything in the original thread or specifically in joakim's reply was related to "a perfectly sterile forensic tool" or that you considered ERD or MSDart a "perfectly sterile forensic PE tool" (which they are not). Hence the idea that you were mixing together different things. Consider this carpenter's example : joakim: When you paint your walls, no traces are left once you have removed the bucket of paint, the ladder, the brushes and the paper you used to protect the floor. CTH: Hah, but last time I spray painted my room I found tiny drops of paint on the windows. A perfect sanitization of a hospital room should leave no traces. jaclaz: CTH, joakim was talking of painting the walls, and of painting them with brushes, not about spray painting them and not about hospital rooms. jaclaz

What if the name "PRISM" actually came from an actual prism splitter of optical fibers? An unrelated image , just to provide some colour to this post : A more related (but dullish) image B) : Some actual references : http://www.huffingtonpost.com/2013/06/06/nsa-prism-data-mining_n_3399310.html http://seattletimes.com/html/politics/2004001159_spying08.html http://en.wikipedia.org/wiki/Mark_Klein https://www.eff.org/files/filenode/att/SER_klein_decl.pdf At least it would make sense lexically. jaclaz

Charlotte, sorry to say so , but you are seemingly talking of things that you have (evidently) not much experience with, mixing liberally different things. There are tens of valid "forensic" Linux Distro's. And at least one, the WinFE, based on NT PE technology. Everyone can build a WinFE from their (licensed) Windows 7 (or 8 ) sources or WAIK, contrary of what dencorso thinks not only through the Winbuilder .scripts/projects, but also "manually", after all the "whole" thing are a couple Registry keys, a couple references: http://praetorianprefect.com/archives/2010/04/winpe-3-0-forensics/ Among the forensics Linux distro's I personally like Caine: http://www.caine-live.net/ BUT the WHOLE point of a "sterile forensics tool" is that it is READ ONLY on the "target" PC's devices, so it is NOT suitable for "repair" (which a "normal" PE or ERD is). Carpenter's comparison : A syringe (and it's needle) is a sterile medical tool, a hammer is a non-sterile carpenter's tool, to plant nails into wood you use hammers and not syringes. jaclaz

Yep, it sure can happen to any and all manufacturers, it's just a matter - as I see it - to not buy the latest model and check what has happened to others that got the model you want to buy. Particularly in this case, I have BAD news Seagate is NOW Samsung, any drive you buy next can be either Samsung or Seagate (or both or viceversa or *whatever*) , example: http://forum.hddguru.com/viewtopic.php?f=1&t=25629 About cables, you have to think about the frequencies involved, if you think about it almost every component in a modern PC is dealing with frequencies that are in the radio (or TV) ranges and above them, I suspect that even a very slightly defect in shielding or insulation of a cable (like the SATA ones) can produce an issue, which BTW may also be "local", in the sense that the same cable in a different case (and possibly with a different set of bends) may work alright, or by simply straightening it before re-installing it the tiny defect "mends itself". You'll never know. Think at the good ol' times when you had snow on your TV set if a connector or shielding was even slightly defective... (progress is that when the same happens on DTV you either have "random" pixelization or downright completely loose the image ). jaclaz

As a matter of fact a sterile forensic PE tool cannot even mount hard disks like devices, as windows (also a PE ) will write the Disk Signature to the disk (if there isn't already one). http://www.forensicswiki.org/wiki/WinFE http://www.ramsdens.org.uk/ http://winfe.wordpress.com/ But the point is different, the kernel is loaded with the /minint switch that makes a lot of things (including the Registry) "volatile", thus you need an "external" way/method/tool/whatever to "keep" the changes. As an example you can install a program in a PE alright, but unless you run a backup tool on the Registry (and you replace the previous Registry with the saved one before rebooting to that PE through some "other" OS), at reboot everything that was in the Registry will be gone. Do not confuse "completely read only" with "volatile" . jaclaz

@buyerninety You can stamp your feet as long and as hard as you want , but if the flashing program runs under DOS, it runs under DOS and DOS has no way to distinguish a floppy from a floppy image loaded to memory by grub4dos or from an El-Torito floppy emulation. If the recovery bootblock is used instead, then that is another thing. If the flashing program does NOT run under DOS (i.e. it is a self-booting file, a windows .exe or *whatever*), again it's another thing. jaclaz

Naah , they have satellites to do that, since years. jaclaz

That's why they are making 'em smaller and insect like , the damages in case of collision will be neglectable . jaclaz