Security Basics mailing list archives

re: tools used to examine a computer


From: H C <keydet89 () yahoo com>
Date: Mon, 17 Feb 2003 05:17:49 -0800 (PST)

Joshua,

I was able to copy some files over the network before I took the computer
into custody. What tools are out there that can really be helpful in
monitoring/forensics?

It really depends on what you want to do.  As far as
forensics goes, there have been some good
recommendations from EnCase and commercial tools to
freeware such as TCT, Autopsy, and TASK.  

If the system you're working with is Windows
(NT/2K/XP), there are plenty of things you can do. 
You can collect a great deal of volatile information
from the system (processes, ports, process-to-port
mappings, etc.) with a wide variety of freeware tools.
Grabbing that information and analyzing it can tell
you what, if anything, is wrong with the system. 
Pslist, handle, and listdlls from SysInternals, fport
from Foundstone and the native netstat can be used,
and then procdmp.pl from http://patriot.net/~carvdawg
can be used to consolidate the process information out
into an HTML file (example output file
http://patriot.net/~carvdawg/pd.html).

HTH
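The consolidation step described in the reply above (joining pslist-style process output with netstat-style socket output into a process-to-port map and an HTML table), as an added example in Python; it is not procdmp.pl or any of the SysInternals/Foundstone tools named, the column layouts are assumptions modelled on those tools' usual output, and the sample text is constructed.

```python
# Added example: correlate pslist- and netstat-style output into a
# process-to-port map. Column layouts are assumptions; samples are constructed.

# Constructed sample modelled on `pslist` (Name, Pid, Pri, Thd, Hnd, ...).
PSLIST_SAMPLE = """\
Name                Pid Pri Thd  Hnd   Priv        CPU Time    Elapsed Time
Idle                  0   0   1    0      0   0:00:00.000     0:00:00.000
System                4   8  53  275      0   0:00:00.000     0:00:00.000
svchost             812   8  12  202   1544   0:00:00.030     1:12:43.221
lsass               516   9  20  392   3740   0:00:00.120     1:12:45.003
"""

# Constructed sample modelled on `netstat -ano` (Proto, Local, Foreign, State, PID).
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:4444           0.0.0.0:0              LISTENING       1337
  UDP    0.0.0.0:500            *:*                                    516
"""

def parse_pslist(text):
    """Return {pid: name}; the first line is the column header."""
    procs = {}
    for line in text.splitlines()[1:]:
        parts = line.split()
        if len(parts) >= 2 and parts[1].isdigit():
            procs[int(parts[1])] = parts[0]
    return procs

def parse_netstat(text):
    """Return [(proto, local_port, state, pid)]; UDP rows carry no state."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue
        port = int(parts[1].rsplit(":", 1)[1])   # works for IPv4 and [::] forms
        state = parts[3] if parts[0] == "TCP" else ""
        rows.append((parts[0], port, state, int(parts[-1])))
    return rows

def consolidate(pslist_text, netstat_text):
    """Join each socket to its owning process; a PID with no process entry
    is flagged, since that mismatch is exactly what an analyst wants to see."""
    procs = parse_pslist(pslist_text)
    return [{"proto": p, "port": port, "state": st, "pid": pid,
             "process": procs.get(pid, "<no process>")}
            for p, port, st, pid in parse_netstat(netstat_text)]

def to_html(report):
    """Render the consolidated map as a plain HTML table for the case file."""
    cols = ("proto", "port", "state", "pid", "process")
    head = "<tr>%s</tr>" % "".join("<th>%s</th>" % c for c in cols)
    body = "".join("<tr>%s</tr>" % "".join("<td>%s</td>" % r[c] for c in cols)
                   for r in report)
    return "<table>%s%s</table>" % (head, body)
```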
