S
Stuart Langley
Hi All,
Does anybody know if it is possible to read the original contents at
run time of a file that might have been modified on a EWF protected
volume using a ram based overlay.
I need to be able to verify the original contents of a file on demand,
even though it may have been altered by the running OS. ( I am
thinking mainly registry/log files here ).
I intend to veryify the contents using a stored hash recorded
previously.
Thanks In Advance,
Stuart
Does anybody know if it is possible to read the original contents at
run time of a file that might have been modified on a EWF protected
volume using a ram based overlay.
I need to be able to verify the original contents of a file on demand,
even though it may have been altered by the running OS. ( I am
thinking mainly registry/log files here ).
I intend to veryify the contents using a stored hash recorded
previously.
Thanks In Advance,
Stuart