Security Basics mailing list archives
Re: forensics tools - preserving data?
From: GuidoZ <uberguidoz () gmail com>
Date: Tue, 5 Oct 2004 16:38:40 -0700
THAT'S the one I couldn't remember off hand! Thanks Jason. =) (Helix is the one I had bookmarked that I had learned about through this list, or possibly another SecFocus list.) Appreciate it - was bugging me. =P -- Peace. ~G On Tue, 5 Oct 2004 14:16:31 -0400, Beauford, Jason <jbeauford () eightinonepet com> wrote:
Helix is good too. http://www.e-fense.com/helix/ JMB -----Original Message----- From: GuidoZ [mailto:uberguidoz () gmail com] Sent: Tuesday, October 05, 2004 3:04 AM To: Dana Rawson Cc: security-basics () securityfocus com Subject: Re: forensics tools - preserving data? There are a myraid of forensic tools out there free for the taking. Being I'm not fully versed in them all, I'll just toss up some links and let you decide which might work the best. =) PHLAK (Pro Hackers Linux Assult Kit) - http://www.phlak.org/ Penguin Sleuth - http://www.linux-forensics.com/ Knoppix-std (Security Tools Distrobution - http://www.knoppix-std.org/ L.A.S. (Local Area Security) - http://www.localareasecurity.com/ NST (Network Security Toolkit - http://www.networksecuritytoolkit.org/ Those are my favs. I saved the best link for last however. Some quick "CTRL+F" searching on this page should prove to be quite useful... List of Live CDs (Linux, all types) - http://www.frozentech.com/content/livecd.php Best of luck in your quest. I've had quite a bit of luck with both Penguin Sleuth and PHLAK when it comes to data forensics. There was another one that I wish I could remember... it was posted to this list. It's bookmarked on a different system unfortunately. Finally, hopefully Harlan Carvey will pipe up and share his expertise. See http://www.windows-ir.com/ for more info. -- Peace. ~G On 4 Oct 2004 17:44:06 -0000, Dana Rawson <absolutezero273c () nzoomail com> wrote:G'Day All, Before I begin, I wanted to thank everyone who had provided me with direction on my last post regarding pgp. Hopefully I have as simple a question as before. I have a client who recently had to terminate an employee and part of their decision was based on dereliction of duty. Basically too much time spent surfing the internet and not performing her expected duties. They have asked me to gather the internet history, temporary internet directory files, etc. I can pull up the files, archive them and explain the information to them. But how do I go about extracting the information (i.e. The internet address of the many files that lie in the temp internet dir) so I am able to present it in acceptable fashion that they might use it in a court of law as evidence should it come to that. I have been looking but can't seem to find what I think I need. I have located tools on http://www.networkintrusion.co.uk/fortools.htm and see that NetAnalysis might prove useful but appears to be overkill. Or is this exactly what I need? Thanks in advance, again.
Current thread:
- forensics tools - preserving data? Dana Rawson (Oct 04)
- Re: forensics tools - preserving data? GuidoZ (Oct 05)
- RE: forensics tools - preserving data? Oscar Kooijman (Oct 05)
- Re: forensics tools - preserving data? Barrie Dempster (Oct 06)
- <Possible follow-ups>
- RE: forensics tools - preserving data? Beauford, Jason (Oct 06)
- Re: forensics tools - preserving data? GuidoZ (Oct 06)
- RE: forensics tools - preserving data? Ghaith Nasrawi (Oct 06)
- Re: forensics tools - preserving data? H Carvey (Oct 07)
- Re: forensics tools - preserving data? GuidoZ (Oct 08)