CoreRestore alternative?
Sunk
January 26th, 2012, 18:25
I've heard good things about CoreRestore, but I can't find it anymore... so are there any alternative hardware solutions for easily restoring a hard drive to a previous state?
Woodmann
January 26th, 2012, 22:50
Howdy,
There are no NEW viable hardware solutions that I know of at this moment.
You might have some luck finding some used stuff.
May I ask why are you looking for such a thing?
There are plenty of alternatives depending on what
you are trying to accomplish.
Woodmann
Sunk
January 27th, 2012, 07:36
Since a lot of malware can detect running in a VM, I'm interested in a quick way to restore a hard drive to a previous state. Are there cheaper ways to do it that work just as well?
Woodmann
January 27th, 2012, 22:55
Howdy,
Do it in a RAID array and pull out the other drive before you begin?
Get better VM tools to prevent leakage?
I'm just guessing now. I do mal stuff on a separate box now that is
not connected to anything so there is no risk of cross infection.
Then again, I have very little patience with such things.
Woodmann
Sunk
January 28th, 2012, 10:19
I'd use VMs, but a lot of malware can detect that and alter its behavior, so the cool thing about CoreRestore (as I understand it) is it was a hardware card that let you use a real OS and still get the ability to quickly roll back changes like what VMs provide. I don't know how much it costs or if it is even available anymore.
Quote:
Behavioral Analysis
Be ready to revert to good state via dd, VMware snapshots, CoreRestore, Ghost, SteadyState, etc.
http://zeltser.com/reverse-malware/reverse-malware-cheat-sheet.html
Have you or anyone ever tried SteadyState for reverse engineering? I wonder how common it is for malware to detect that.
Woodmann
January 28th, 2012, 21:51
Steady State is no better than any other software solution.
CoreRestore has been dead for quite some time.
Those folks were ahead of their time when they came out with it.
The only way to be 100% safe is to get another box and don't
connect it to anything in a network.
Download your mals and don't ever use any external device.
No USB, external drive and no CDs/DVDs that you would use in
a clean machine.
Everything that touches an infected machine should never touch
anything else.
Am I being super safe? YES. Are you concerned with contamination
from a leaked VM? YES.
So that will be the only way to do what you want.
Woodmann
You still sure you don't want a VM?