Image Files - Safety

Discussion in 'Computer Security' started by jaygreg, Sep 21, 2006.

  1. jaygreg

    jaygreg Guest

    The Acronis image setting on the external drive I was advised to buy for
    backup contains an image file of my computer while it was infected. It also
    contains an Outlook .pst and BCM file I need to retrieve. That image file
    was scanned by the mechanic who put it there and scanned twice by me with
    NOD32. But the file has never been restored to a condition that will permit
    me to remove selected files. I'm about to buy Acronis True Image 9.0 Home
    just for that purpose (it was created with True Image). I don't know what to
    expect when I convert or restore that file. I obviously don't want it
    restored in the true sense of the word because the machine it's on has been
    reformatted, most of the programs and user files reinstalled, and is running
    fine.

    Q1) I'd appreciate a comment about what to expect when this file is
    converted. I want to make sure it stays on that external drive and doesn't
    try to replace what's there now. Of course, I'll read the instructions when
    I download the program this morning but I'd like to get a thumbnail sketch
    of what to expect from someone who has had experience in this area.

    Q2) Can I feel assured - since the image file has been scanned so often,
    that it's safe to copy user files from?
     
    jaygreg, Sep 21, 2006
    #1

  2. jaygreg wrote:

    > The Acronis image setting on the external drive I was advised to buy for
    > backup contains an image file of my computer while it was infected. It also
    > contains an Outlook .pst and BCM file I need to retrieve. That image file
    > was scanned by the mechanic who put it there and scanned twice by me with
    > NOD32. But the file has never been restored to a condition that will permit
    > me to remove selected files. I'm about to buy Acronis True Image 9.0 Home
    > just for that purpose (it was created with True Image). I don't know what to
    > expect when I convert or restore that file. I obviously don't want it
    > restored in the true sense of the word because the machine it's on has been
    > reformatted, most of the programs and user files reinstalled, and is running
    > fine.
    >
    > Q1) I'd appreciate a comment about what to expect when this file is
    > converted. I want to make sure it stays on that external drive and doesn't
    > try to replace what's there now. Of course, I'll read the instructions when
    > I download the program this morning but I'd like to get a thumbnail sketch
    > of what to expect from someone who has had experience in this area.


    An expert wouldn't use proprietary formats for backups. I'd used 'dd' and
    'bzip2', such an image would be easily mountable (and even read-only) under
    any operating system.

    > Q2) Can I feel assured - since the image file has been scanned so often,
    > that it's safe to copy user files from?


    No. You should delete every executable (including DLLs, OCXs, ACMs, AXs and
    alike) and you should carefully validate and/or normalize all data (be
    aware that just one little number added to a list of financial transactions
    can have devastating consequences). Of course, an expert would have a list of
    cryptographic checksums of all files from even before the infection, so he
    would be able to spot all changes against the trusted state.
     
    Sebastian Gottschalk, Sep 21, 2006
    #2
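
Added example (not part of the thread): one way to apply the two checks from the reply above to files read from a restored or mounted copy of the image, flagging executables and comparing everything else against a trusted checksum list. The function names, the SHA-256 manifest layout and the sample files are assumptions made for illustration, and the 'MZ' header test goes beyond the extension list in the post.

```python
import hashlib
import pathlib
import tempfile
# Extensions named in the post, plus .exe; matching is case-insensitive.
EXECUTABLE_EXTENSIONS = {".exe", ".dll", ".ocx", ".acm", ".ax"}
BUCKETS = ("executable", "changed", "added", "unchanged", "missing")


def sha256_of(path, chunk_size=1 << 20):
    """Hash in chunks so a multi-gigabyte .pst does not have to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def looks_executable(path):
    """Listed extension, or the DOS/PE 'MZ' magic under any file name."""
    if path.suffix.lower() in EXECUTABLE_EXTENSIONS:
        return True
    with path.open("rb") as handle:
        return handle.read(2) == b"MZ"


def triage(root, trusted):
    """Sort files under root into BUCKETS using a trusted {path: sha256} manifest."""
    report = {name: [] for name in BUCKETS}
    seen = set()
    for path in (p for p in pathlib.Path(root).rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        seen.add(rel)
        if looks_executable(path):
            report["executable"].append(rel)  # do not copy back
        elif rel not in trusted:
            report["added"].append(rel)       # no baseline: review by hand
        elif sha256_of(path) != trusted[rel]:
            report["changed"].append(rel)     # differs from the trusted state
        else:
            report["unchanged"].append(rel)
    report["missing"] = [rel for rel in trusted if rel not in seen]
    return {name: sorted(paths) for name, paths in report.items()}


def demo():
    """Triage a small constructed tree (sample data, not from the thread)."""
    samples = {
        "mail/outlook.pst": b"constructed mailbox bytes",
        "docs/ledger.csv": b"2006-09-01,100\n2006-09-02,250\n",  # one line added
        "docs/notes.txt": b"MZ\x90\x00 binary renamed to look like text",
        "plugins/codec.AX": b"caught by extension alone",
    }
    trusted = {
        "mail/outlook.pst": hashlib.sha256(samples["mail/outlook.pst"]).hexdigest(),
        "docs/ledger.csv": hashlib.sha256(b"2006-09-01,100\n").hexdigest(),
        "docs/old.txt": "0" * 64,
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in samples.items():
            path = pathlib.Path(root, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(data)
        return triage(root, trusted)
```

A file in the "unchanged" bucket matches its pre-infection hash; everything in "changed" or "added" still needs the content review the reply describes.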

  3. jaygreg

    jaygreg Guest

    >>An expert wouldn't use proprietary formats for backups. I'd used 'dd' and

    'bzip2', such an image would be easily mountable (and even read-only) under
    any operating system.<<

    I really don't know the level of expertise of the guy. He has a shop... I
    had a need at the time... I was up a creek... he said he could help. So he
    made an image of the drive. I assume the "dd" and "bzip2" you refer to are
    two alternative programs? Why would you use them?

    >>No. You should delete every executable (including DLLs, OCXs, ACMs, AXs
    and alike) and you should carefully validate and/or normalize all data <<

    I've never used the program so I don't know what to expect. When I get
    Acronis installed on my machine, what do I do next? Select the image file
    and hit some button that converts it to ... whatever? Or do I just go to the
    directory he created, scroll to the directories I think contain what I want
    then convert just them? Or search for every file you listed above plus .exe
    and delete them?

    How do I validate or normalize data?
     
    jaygreg, Sep 22, 2006
    #3
  4. jaygreg wrote:

    > "Sebastian Gottschalk" <> wrote in message
    > news:...
    >> jaygreg wrote:
    >>
    >>> The Acronis image setting on the external drive I was advised to buy
    >>> for backup contains an image file of my computer while it was
    >>> infected. It

    > also


    Would you please fix your quoting? Thanks in advance.

    >> An expert wouldn't use proprietary formats for backups. I'd used 'dd'
    >> and 'bzip2', such an image would be easily mountable (and even
    >> read-only) under any operating system.

    >
    > I really don't know the level of expertise of the guy. He has a shop...
    > I had a need at the time... I was up a creek... he said he could help.
    > So he made an image of the drive.


    The problem is that this shitty software will only allow you to play back
    the image to a drive, but not to mount it separately.

    > I assume the "dd" and "bzip2" you refer to are two alternative programs?


    Well, you really should know how to Google.

    > Why would you use them?


    As I already told you, 'dd' can be used to simply create a bytewise exact
    copy of the raw partition or drive, which then in turn is also trivially
    mountable. Bzip2 obviously serves for data compression.

    >> No. You should delete every executable (including DLLs, OCXs, ACMs, AXs
    >> and alike) and you should carefully validate and/or normalize all data

    >
    > I've never used the program so I don't know what to expect. When I get
    > Acronis installed on my machine, what do I do next? Select the image
    > file and hit some button that converts it to ... whatever?


    AFAIK it doesn't support anything like conversion or mounting or
    extraction, so I'm afraid to tell you that you most likely need to buy or
    borrow another drive of sufficient size.

    > Or do I just go to the directory he created, scroll to the directories I
    > think contain what I want then convert just them? Or search for every
    > file you listed above plus .exe and delete them?


    Obviously, if you're just interested in data not containing any code at
    all, you can just extract those.

    > How do I validate or normalize data?


    By using the relevant minimalistic tools for the formats and reprocessing
    everything.
    For example, an SVGZ image file would require being decompressed with 'gzip'
    to an uncompressed SVG, then validated with an XML parser against the XML
    format and the SVG DTD, then opened with a comparably minimalistic SVG
    editor (like Inkscape), then saved and recompressed. This procedure would
    ensure that every part of the format follows its specification (the gzip
    stream being valid) and has a normal form (e.g. with all entities in the
    XML part being fully expanded, all superfluous entries discarded), so any
    modified data won't be able to cause havoc when being processed later by
    more complex (and therefore potentially more vulnerable) programs.

    Of course it will still require semantic validation. You should take a look
    at your "tax declaration.odt" to ensure that not just one little number
    was added.
     
    Sebastian Gottschalk, Sep 22, 2006
    #4
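
Added example (not part of the thread): the SVGZ procedure from the reply above, written with the Python standard library. It is narrower than the post in two ways: the parser checks well-formedness only, not validity against the SVG DTD, and canonical XML output stands in for the open-and-save step in an editor. The size limit, the names and the sample document are assumptions made for illustration.

```python
import gzip
import io
import xml.etree.ElementTree as ET
import zlib

SVG_ROOT_TAG = "{http://www.w3.org/2000/svg}svg"
MAX_SVG_BYTES = 5 * 1024 * 1024  # assumed ceiling against decompression bombs

# Constructed sample: declaration, DOCTYPE with an internal entity, a comment.
SAMPLE_SVG = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE svg [ <!ENTITY label "Quarterly chart"> ]>
<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">
  <!-- leftover editor comment -->
  <title>&label;</title>
</svg>"""


class RejectedFile(ValueError):
    """The input failed one of the validation steps."""


def normalize_svgz(data):
    """Validate an SVGZ byte string and return a freshly written SVGZ."""
    # 1. The gzip stream must be valid and bounded in size.
    try:
        with gzip.GzipFile(fileobj=io.BytesIO(data)) as stream:
            xml_bytes = stream.read(MAX_SVG_BYTES + 1)
    except (OSError, EOFError, zlib.error) as exc:
        raise RejectedFile(f"invalid gzip stream: {exc}") from exc
    if len(xml_bytes) > MAX_SVG_BYTES:
        raise RejectedFile("decompressed data exceeds size limit")
    # 2. Parse and rewrite in one pass: the canonical (C14N) output has
    #    internal entities expanded and drops declaration, DOCTYPE and comments.
    try:
        canonical = ET.canonicalize(xml_data=xml_bytes)
        root = ET.fromstring(canonical)
    except ET.ParseError as exc:
        raise RejectedFile(f"not well-formed XML: {exc}") from exc
    if root.tag != SVG_ROOT_TAG:
        raise RejectedFile(f"root element is {root.tag!r}, not SVG")
    # 3. Recompress only the normal form; mtime=0 keeps output reproducible.
    return gzip.compress(canonical.encode("utf-8"), mtime=0)


def demo():
    """Return the normalized XML text for the constructed sample."""
    return gzip.decompress(normalize_svgz(gzip.compress(SAMPLE_SVG))).decode("utf-8")
```

Only the bytes returned by normalize_svgz should be kept; the original file is discarded, so whatever the parser did not understand never reaches a more complex program.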
  5. jaygreg

    jaygreg Guest

    >>Would you please fix your quoting? Thanks in advance.<<
    Sorry, Sebastian. I don't know what you mean. Explain please.

    >>Well, you really should know how to Google.<<

    A simple "Yes" or "No" would suffice. The purpose of language is to
    communicate, not impress. I'm not as familiar with this subject matter as you
    and defer to your expertise. I did Google both, found "Bzip2" compression
    software but in the time I cared to devote to the search, found only
    "designated driver" for "dd", which I rejected as being your reference.
    Nevertheless, you did go on in your reply to give enough of an explanation
    for me to understand that "dd" is a software program that has the ability to
    include in the copies it makes, all (I assume) the code necessary to put the
    copy back on a clean machine and enable it to execute as it did prior to
    having created the copy... hopefully after having been "cleaned" in some
    manner by the user.

    >>AFAIK it doesn't support anything like conversion or mounting or
    extraction, so I'm afraid to tell you that you most likely need to buy or
    borrow another drive of sufficient size.<<

    I did buy another external drive; that's where the image file resides. The
    "mechanic" put it there with Acronis True Image then gave me a copy with the
    key. I don't want to use his copy; I want a legitimate copy; the authors of
    that software deserve their royalties, though the level of profit merchants
    may be "entitled" to could be cause for lengthy discussion judging from the
    range of retail prices for this software.

    >>Obviously, if you're just interested in data not containing any code at
    all, you can just extract those<<

    Awha! Here's my answer! Extracting a user file is all I want to do from what
    I know at this point. The objective is to recover a .pst file from Outlook
    2003 and whatever file I need to make my BCM file (Business Contact Manager
    in Outlook 2003) work again.

    I appreciate your taking time to give me that explanation of the validation
    and normalization process. I hope I never find myself in that desperate a
    need to reconstruct files. If I'm unsuccessful in recovering what I'm after
    at present, I may be angry, but I won't be lost. I can rebuild if necessary.
    No financial data lost, though I am curious about your reference to "tax
    declaration.odt". What is the "odt" extension associated with?

    I appreciate your taking the time to help, Sebastian. I got my answer and
    then some. Thank you.
     
    jaygreg, Sep 22, 2006
    #5
  6. jaygreg wrote:

    >>>Would you please fix your quoting? Thanks in advance.<<

    > Sorry, Sebastian. I don't know what you mean. Explain please.


    You're quoting by putting the entire text in triple brackets instead of
    line quoting it with single brackets. Not even Outlook Express, which
    you're misusing as a newsreader, does such a strange thing on its own.

    <http://learn.to/quote>

    >>>Well, you really should know how to Google.<<

    > A simple "Yes" or "No" would suffice. The purpose of language is to
    > communicate, not impress. I'm not as familiar with this subject matter as you
    > and defer to your expertise. I did Google both, found "Bzip2" compression
    > software but in the time I cared to devote to the search, found only
    > "designated driver" for "dd", which I rejected as being your reference.


    Both Bzip2 and 'dd' belong to the Bin Utils, one of the most common
    collections of software utilities on Unix environments, despite also being
    available and very useful on Windows.

    See <http://en.wikipedia.org/wiki/Dd_(Unix)>

    > I did buy another external drive; that's where the image file resides.


    Well, the problem is that you'll need to restore the image to some drive
    for accessing the contained file system, and that's where you need an extra
    drive. Or does Acronis TrueImage offer some methods for extracting data
    directly from the image, or at least mounting it? You need to tell me, I
    don't own this software, nor the operating system it runs on.

    > though I am curious about your reference to "tax
    > declaration.odt". What is the "odt" extension associated with?


    OpenDocument, the most common standardized free document exchange format.
     
    Sebastian Gottschalk, Sep 22, 2006
    #6
  7. jaygreg

    jaygreg Guest

    >does Acronis TrueImage offer some methods for extracting data
    directly from the image, or at least mounting it?<

    Hummm. Another good point. I don't know. I haven't bought the software yet
    but I certainly need to get the answer to this one. I'll call that mechanic
    who put the file there. Thanks, Sebastian. And for the references as well.
     
    jaygreg, Sep 22, 2006
    #7