Quote:
|
Originally Posted by taos
Running application has not more powerfull than Blinread, Alcohol, etc.
|
I agree with this but I want to mention that many cd drives and even some software incorporate Error Correction and sometimes ECC ( Error Correction Codes) with some redundant data (maybe in the form of PURPOSELY made unreadable sectors etc). So, sometimes the data may ALL be recoverable or an image can be made but the SECTOR TO SECTOR mapping may not be possible.
So its a VERY simple case wherein a prog can check whether a particular unreadable sector (of REDUNDANT data) is present on the CD or not. IF it is present, the prog runs. Else it exits or crashes. The Mass Burnt CDs can incorporate it. But our CD image, though it has ALL the data (and hence even the md5 checksum also maybe same in some cases), it still can't have the unreadable sectors etc ( I remember that alcohol etc can emulate bad sectors and sub-channel data, but still it sometimes fails...)
Quote:
|
Originally Posted by LaBBa
how do i search for the dump data that i have in the original CD so i will know it's position ??
|
I believe that WinHex 11 and above can do the direct sector reading and dumping quite well (though I haven't used it for quite some time)
Also I believe you can download and use the Rootkit Unhooker from this site:
http://www.antirootkit.com/software/RootKit-Unhooker.htm
to search for any suspicious processes and remove any hidden toolkits.