Security Basics mailing list archives

RE: forensics tools - preserving data?

From: "Beauford, Jason" <jbeauford () EightInOnePet com>
Date: Tue, 5 Oct 2004 14:16:31 -0400

Helix is good too.

http://www.e-fense.com/helix/

JMB

-----Original Message-----
From: GuidoZ [mailto:uberguidoz () gmail com] 
Sent: Tuesday, October 05, 2004 3:04 AM
To: Dana Rawson
Cc: security-basics () securityfocus com
Subject: Re: forensics tools - preserving data?

There are a myraid of forensic tools out there free for the taking.
Being I'm not fully versed in them all, I'll just toss up some links and
let you decide which might work the best. =)

PHLAK (Pro Hackers Linux Assult Kit)
 - http://www.phlak.org/

Penguin Sleuth
 - http://www.linux-forensics.com/

Knoppix-std (Security Tools Distrobution
 - http://www.knoppix-std.org/

L.A.S. (Local Area Security)
 - http://www.localareasecurity.com/

NST (Network Security Toolkit
 - http://www.networksecuritytoolkit.org/

Those are my favs. I saved the best link for last however. Some quick
"CTRL+F" searching on this page should prove to be quite useful...

List of Live CDs (Linux, all types)
 - http://www.frozentech.com/content/livecd.php

Best of luck in your quest. I've had quite a bit of luck with both
Penguin Sleuth and PHLAK when it comes to data forensics. There was
another one that I wish I could remember... it was posted to this list.
It's bookmarked on a different system unfortunately.

Finally, hopefully Harlan Carvey will pipe up and share his expertise.
See http://www.windows-ir.com/ for more info.

--
Peace. ~G

On 4 Oct 2004 17:44:06 -0000, Dana Rawson
<absolutezero273c () nzoomail com> wrote:



G'Day All,

Before I begin, I wanted to thank everyone who had provided me with 
direction on my last post regarding pgp.

Hopefully I have as simple a question as before.

I have a client who recently had to terminate an employee and part of 
their decision was based on dereliction of duty.  Basically too much 
time spent surfing the internet and not performing her expected 
duties.

They have asked me to gather the internet history, temporary internet 
directory files, etc.

I can pull up the files, archive them and explain the information to 
them.  But how do I go about extracting the information (i.e. The 
internet address of the many files that lie in the temp internet dir) 
so I am able to present it in acceptable fashion that they might use 
it in a court of law as evidence should it come to that.

I have been looking but can't seem to find what I think I need.  I 
have located tools on http://www.networkintrusion.co.uk/fortools.htm

 and see that NetAnalysis might prove useful but appears to be 
overkill.  Or is this exactly what I need?

Thanks in advance, again.

Current thread:

forensics tools - preserving data? Dana Rawson (Oct 04)
- Re: forensics tools - preserving data? GuidoZ (Oct 05)
- RE: forensics tools - preserving data? Oscar Kooijman (Oct 05)
- Re: forensics tools - preserving data? Barrie Dempster (Oct 06)
- <Possible follow-ups>
- RE: forensics tools - preserving data? Beauford, Jason (Oct 06)
  - Re: forensics tools - preserving data? GuidoZ (Oct 06)
- RE: forensics tools - preserving data? Ghaith Nasrawi (Oct 06)
- Re: forensics tools - preserving data? H Carvey (Oct 07)
  - Re: forensics tools - preserving data? GuidoZ (Oct 08)