Security Incidents mailing list archives
Re: NKADM rootkit - Something new?
From: "Robert P. McKenzie" <rmckenzi () rpmdp com>
Date: Thu, 27 May 2004 10:54:25 -0400
Paul Schmehl wrote:
Since I posted my response in this thread, I've gotten several requests for my "tool list". There's really nothing magical about it.
You might want to consider Knoppix instead. It comes with a boatload of extra stuff you won't use for forensics, but it's a good way to get familiar with unix, if you're not already. It even has a working version of snort with ACID! Go to http://www.knoppix.net/ for more information.
The tools listed are all indeed very good tools. I might also suggest getting a copy of the bootable linux CD offered by: http://insert.cd
This has all the tools of Knoppix and likely some more (they will hopefully be adding more forensic tools in the next release), and it's only a 51 meg ISO that fits onto business card type CDs; I use the 200 meg mini CDs myself. With the addition of 2 files from a Windows machine, the Captive tool will let you read AND WRITE to NTFS disks. This has become my most favorite recovery CD, mostly because it does the works (fully networked, with support for modems, ISDN, ADSL, etc, etc) and fits on a mini-CD.
Cheers!!!
--
Robert P. McKenzie | GammaRay Technical Services LLC
rmckenzi () rpmdp com | rob () gammaray-tech com
http://www.uk-experience.com | http://www.gammaray-tech.com