Security Basics mailing list archives

Re: tools to run on compromised linux box


From: Adriel Desautels <adriel () netragard com>
Date: Wed, 06 Aug 2008 11:26:00 -0400

Lister,
Are you doing this for a system that was compromised and is running on your network, or are you doing this for your own edification?

If you are asking this question for the first reason, then you should just re-install the system. Once a computer system has been compromised, the integrity of its software cannot be guaranteed and as such cannot be trusted to be safe. It's a waste of time and resources to try to "clean" the system; it's much more simple (in most cases) to just reinstall.

If you are asking for your own edification and if this is for research, then there are many forensic tools that you can use. Check The Sleuth Kit for a good free one. If you want to pay for a commercial tool, then check EnCase (but it's expensive, and if you don't have the experience then don't waste your money). There are many, and Google is your friend.



Regards,
        Adriel T. Desautels
        Chief Technology Officer
        Netragard, LLC.
        Office : 617-934-0269
        Mobile : 617-633-3821
        http://www.linkedin.com/pub/1/118/a45

        Join the Netragard, LLC. Linked In Group:
        http://www.linkedin.com/e/gis/48683/0B98E1705142

---------------------------------------------------------------
Netragard, LLC - http://www.netragard.com  -  "We make IT Safe"
Penetration Testing, Vulnerability Assessments, Website Security

Netragard Whitepaper Downloads:
-------------------------------
Choosing the right provider : http://tinyurl.com/2ahk3j
Three Things you must know  : http://tinyurl.com/26pjsn


lister () lihim org wrote:
Can anyone recommend some tools to run on a compromised Linux
box to determine if there is further infestation? (rootkits, etc.)