Penetration Testing mailing list archives

Re: Light forensics


From: "Adrian Puente Z." <puenteadrian () gmail com>
Date: Thu, 07 Jan 2010 01:37:27 -0600

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Eduardo Sierra wrote:
> Hi,
>
> We had a security incident, and I'm doing a "light" forensics.
>
> Is there a log you can check to see IP Address Changes in a Windows XP Box?

Well, logging in Windows XP is really lame. In my little experience with
Windows incidents, the Event Viewer shows you all the logs the system
uses. Maybe I am wrong, but I believe that maybe the Windows Registry
keeps something.

> Any good free tool to undelete files?

Free apps in Windows systems are really rare. But I recommend GetDataBack
http://www.runtime.org/data-recovery-software.htm

It has always worked for me; I haven't found any good free NTFS
recovery tool.

> Many thanks,
>
> Eduardo Sierra

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAktFjzIACgkQW2tF/eN2yfYPAgCcC81XoSwgemuRzdElVNWWL3on
0MMAnAnqlVZgSVSpjVVUNLr8AQsQ6d4H
=0/o2
-----END PGP SIGNATURE-----
