Re: forensics tools - preserving data?

[GuidoZ <uberguidoz () gmail com>]

THAT'S the one I couldn't remember off hand! Thanks Jason. =)

(Helix is the one I had bookmarked that I had learned about through
this list, or possibly another SecFocus list.) Appreciate it - was
bugging me. =P

--
Peace. ~G


On Tue, 5 Oct 2004 14:16:31 -0400, Beauford, Jason
<jbeauford () eightinonepet com> wrote:
> Helix is good too.
>
> http://www.e-fense.com/helix/
>
> JMB
>
>
>
> -----Original Message-----
> From: GuidoZ [mailto:uberguidoz () gmail com]
> Sent: Tuesday, October 05, 2004 3:04 AM
> To: Dana Rawson
> Cc: security-basics () securityfocus com
> Subject: Re: forensics tools - preserving data?
>
> There are a myraid of forensic tools out there free for the taking.
> Being I'm not fully versed in them all, I'll just toss up some links and
> let you decide which might work the best. =)
>
> PHLAK (Pro Hackers Linux Assult Kit)
>  - http://www.phlak.org/
>
> Penguin Sleuth
>  - http://www.linux-forensics.com/
>
> Knoppix-std (Security Tools Distrobution
>  - http://www.knoppix-std.org/
>
> L.A.S. (Local Area Security)
>  - http://www.localareasecurity.com/
>
> NST (Network Security Toolkit
>  - http://www.networksecuritytoolkit.org/
>
> Those are my favs. I saved the best link for last however. Some quick
> "CTRL+F" searching on this page should prove to be quite useful...
>
> List of Live CDs (Linux, all types)
>  - http://www.frozentech.com/content/livecd.php
>
> Best of luck in your quest. I've had quite a bit of luck with both
> Penguin Sleuth and PHLAK when it comes to data forensics. There was
> another one that I wish I could remember... it was posted to this list.
> It's bookmarked on a different system unfortunately.
>
> Finally, hopefully Harlan Carvey will pipe up and share his expertise.
> See http://www.windows-ir.com/ for more info.
>
> --
> Peace. ~G
>
> On 4 Oct 2004 17:44:06 -0000, Dana Rawson
> <absolutezero273c () nzoomail com> wrote:
> > G'Day All,
> >
> > Before I begin, I wanted to thank everyone who had provided me with
> > direction on my last post regarding pgp.
> >
> > Hopefully I have as simple a question as before.
> >
> > I have a client who recently had to terminate an employee and part of
> > their decision was based on dereliction of duty.  Basically too much
> > time spent surfing the internet and not performing her expected
> > duties.
> >
> > They have asked me to gather the internet history, temporary internet
> > directory files, etc.
> >
> > I can pull up the files, archive them and explain the information to
> > them.  But how do I go about extracting the information (i.e. The
> > internet address of the many files that lie in the temp internet dir)
> > so I am able to present it in acceptable fashion that they might use
> > it in a court of law as evidence should it come to that.
> >
> > I have been looking but can't seem to find what I think I need.  I
> > have located tools on http://www.networkintrusion.co.uk/fortools.htm
> >
> >  and see that NetAnalysis might prove useful but appears to be
> > overkill.  Or is this exactly what I need?
> >
> > Thanks in advance, again.