I need to run log2timeline against a CentOS 5 Server but all the examples show it being run against a DD image.
What is the best way of doing this with powering off the Server? All the changes I want to look at happened in the past, so I'm not concerned about missing new data.
I take it DD'ing /dev/sda to an external disk is a bad idea on a running system.