Re: Gathering volatile information

[Russell Fulton <r.fulton () auckland ac nz>]

On Wed, 2005-04-13 at 12:01 +0000, Bob the Builder wrote:

> In the Unix environment there seem to be various lists of bits and pieces 
> but no really definitive list of commands related to gathering volatile 
> information that you should and shouldn't run and what types of things they 
> are likely to interfere with. Am I missing something here, does just such a 
> list exist and I'm just not looking in the right place, or is it about time 
> somone set about righting one? I'm not talking about a religious argument on 
> the merits of what stage a machine should be taken offline at but more what 
> the volatile data gathering options are that are available to you if as in 
> incident handler you need them.

Have you had a look at "The coroners toolkit":
http://www.porcupine.org/forensics/tct.html

Attachment: smime.p7s
Description: