RE: forensics tools - preserving data?

["Oscar Kooijman" <oscar.kooijman () chello nl>]

Hi,

Did you take a look at F.I.R.E. it's a live-CD with a lot of tools, for
example "autospy" wich is "marvalous" for collecting forensic data in a easy
and accepted manner.

Kind regards.
Oscar Kooijman
oscar[DOT]kooijman[AT]chello[DOT]nl
 

> > -----Original Message-----
> > From: Dana Rawson [mailto:absolutezero273c () nzoomail com] 
> > Sent: 04 October 2004 19:44
> > To: security-basics () securityfocus com
> > Subject: forensics tools - preserving data?
> >
> >
> >
> > G'Day All,
> >
> >
> >
> > Before I begin, I wanted to thank everyone who had provided 
> > me with direction on my last post regarding pgp.
> >
> >
> >
> > Hopefully I have as simple a question as before.
> >
> >
> >
> > I have a client who recently had to terminate an employee and 
> > part of their decision was based on dereliction of duty.  
> > Basically too much time spent surfing the internet and not 
> > performing her expected duties.
> >
> >
> >
> > They have asked me to gather the internet history, temporary 
> > internet directory files, etc.
> >
> >
> >
> > I can pull up the files, archive them and explain the 
> > information to them.  But how do I go about extracting the 
> > information (i.e. The internet address of the many files that 
> > lie in the temp internet dir) so I am able to present it in 
> > acceptable fashion that they might use it in a court of law 
> > as evidence should it come to that.
> >
> >
> >
> > I have been looking but can't seem to find what I think I 
> > need.  I have located tools on 
> > http://www.networkintrusion.co.uk/fortools.htm
> >
> > and see that NetAnalysis might prove useful but appears to 
> > be overkill.  Or is this exactly what I need?
> >
> >
> >
> > Thanks in advance, again.