OT: Bitshift, howto
Mike Schwartz
mike.l.schwartz at gmail.com
Wed Mar 7 22:37:25 MST 2007
On 3/7/07, Carlos Macedo Gomes <powerofprimes at gmail.com> wrote:
>
> Hi Eric,
>
> I believe Hex Workshop [1] (a Windows based tool) will do what you
> want. It can handle file and sector circular bitwise shifts in either
> direction and has options for taking into account the data's
> Endian-ness. I'm not sure about doing an entire partition but since
> you can open an entire drive w/ the tool you may be able to do the
> shift. If you have the ability to write the partition to an image
> file (e.g., using something akin to DriveSpy's [2] SavePart command)
> then you can bitshift the image file and possibly achieve your
> objective.
>
> Let me know if this helps or, if not, what alternatives you find as
> I'd be interested in the results. I do some digital forensics support
> at work (for a local Fortune 50) and teach cybercrime/digitalforensics
> at night.
>
> thanks,
> C.G.
>
> [1] http://www.bpsoft.com/
> [2] http://www.digitalintelligence.com/software/disoftware.php
>
> On 3/7/07, evb <dsmntl at cox.net> had written:
> >
> > Sorry for the OT post, but all my other avenues have failed. Thus I am
> > seeking out the advice of the technorati on this list.
> >
> > I would like a tool(Linux or Windows) that would bitshift all bits
> within a
> > defined scope (file/sector/partition/etc). Specifically, I would like a
> > tool that will perform the following operation at the file/sector level:
> > http://en.wikipedia.org/wiki/Circular_shift
> >
> > I already have a tool that will shift bits at the sector level, but only
> if
> > the data is on a floppy disk and only in DOS; other media and Oses are
> not
> > supported. VMWare also is not supported. (That tool is called Anadisk;
> you
> > can find a trial version here, fyi:
> > http://retro.icequake.net/dob/files/bleuge/anadisk.207/).
> >
> > The tool "Winhex" already has a simple feature (Edit > Modify Data >
> > Invert/XOR/RightShiftby1/LeftShiftby1) but for various reasons I cannot
> use
> > it.
> >
> > Any suggestions are appreciated.
> >
> > Eric Van Buskirk
> > Assistant City Prosecutor/CISSP
> > City of Phoenix
> >
> > ---------------------------------------------------
> > PLUG-discuss mailing list - [...]
--
> powerofprimes at gmail.com
> Carlos Macedo Gomes
> _sic itur ad astra_
> ---------------------------------------------------
> PLUG-discuss mailing list - [...]
>
The above answer from "Carlos Macedo Gomes" may put you on track.
"However", if you still need some help, even after that, there is a guy in
town here (at least he used to be) named Grey Staples, who has written
and spoken on this topic, or a similar one, and has probably done this
kind of work.
See "http://www.zoominfo.com/people/Staples_Grey_124400481.aspx".
(Once he spoke on a topic that seems sorta related to this, before the
Phoenix Chapter ACM [see www.acm.org], and I think he even gave
out free samples [paper copies] of the magazine article mentioned
on the web at the above listed URL. The article gave more details than
could reasonably have been fit in to a 1 to 2 hour presentation).
I think his co. is called "Camelback Systems".
(see "http://www.greystaples.com/");
In fact, at "http://www.greystaples.com/article.htm" there is a copy of that
magazine article, mentioned above. However, I seem to remember that the
paper re-prints included pictures or diagrams, which I thought were very
helpful. The plain text (modified/updated though it may be), might seem
kinda dry without the pictures or diagrams.
--
Mike Schwartz
Glendale AZ
schwartz at acm.org
Mike.L.Schwartz at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.PLUG.phoenix.az.us/pipermail/plug-discuss/attachments/20070307/e2f54358/attachment.htm
More information about the PLUG-discuss
mailing list