Re: Forensics CD (was: Re: Strange Folder

[robjeh () wanadoo nl]

Its allso handy to have a Bootable Dos CD with NTFS for dos for 
editing/repairing files in dos, if you need the free version with w2k support 
just mail me and i'll upload my rescue disk with other utils included ( 14 MB ).

> "Meritt James" <meritt_james () bah com> wrote in response to me:
>
> [ ... Kit of tools on a CD-ROM ... ]
>
> > REAL good suggestion!  Any specific recommendations as to what should be
> > on the CD?
>
> Thanks!  I think I picked up the idea from someone on this list, as a
> matter of fact.  I wish I could remember who.
>
> Here's what I have on mine at the moment:
>
> bintext.exe   (http://www.foundstone.com)  Reads ASCII, unicode, and
>               resource strings in a binary.  The equivalent of 'strings'
>               in unix.
>               
> fport.exe     (http://www.foundstone.com)  Reports open ports, PID of
>               the process listening on them, and the path to the 
>               program.
>               
> handle.exe    (http://www.sysinternals.com)  Reports what files are open
>               by what processes.
>               
> listdlls.exe  (http://www.sysinternals.com)  List the DLLs that are open,
>               the path to the DLL, and the version number.
>               
> netstat.exe   A copy of netstat from the W2K operating system.
>
> netstat95.exe Another copy of netstat from the W95 operating system.
>
> patchit.exe   (http://www.foundstone.com)  Binary file byte-patching
>               program.
>               
> procexp.exe   (http://www.sysinternals.com)  Shows what files, registry
>               keys, and other objects processes have open, along with
>               process ownership.
>
> regmon.exe    (http://www.sysinternals.com)  Monitors registry activity
>               in real time.
>
> showin.exe    (http://www.foundstone.com)  Shows information about hidden
>               or disabled windows that exist on the desktop.  ( I had
>               no idea .... )
>               
> tcpview.exe   (http://www.sysinternals.com)  Shows all TCP and UDP end-
>               points.  On WinNT and above it shows what process owns the
>               endpoint.
>
> I've borrowed much of the wording in these descriptions from the respective
> websites, but I don't think they'll mind since I'm bragging about their
> stuff.  It's all free, by the way, and I'm just a satisfied user.  ;-)
>
> There's a lot more than this available, but some of it is OS-specific and
> may not be useful to you.  Personally, I'd put just about anything on my
> forensics CD that I thought might ever be useful to me.  One word of
> advice,
> though:  Most of us probably don't do forensics as our day job, and some
> time may pass between making the disk and using it.  I therefore set up
> a convenient 'bin' directory with all the executables on mine, and put all
> the raw stuff, readmes, etc., in separate directories named for each
> utility.
> That way remembering what each one is good for and where I got it isn't so
> difficult.
>
> Best regards,
>
> Neil Dickey, Ph.D.
> Research Associate/Sysop
> Geology Department
> Northern Illinois University
> DeKalb, Illinois
> 60115
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management 
> and tracking system please see: http://aris.securityfocus.com





__________________________________________________________


Nieuw: Wanadoo ADSL Lite voor 27,95 euro per maand!



Meer informatie: http://www.wanadoo.nl/adsl

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com