Security Basics mailing list archives

Re: forensics tools - preserving data?

From: GuidoZ <uberguidoz () gmail com>
Date: Tue, 5 Oct 2004 00:03:51 -0700

There are a myraid of forensic tools out there free for the taking.
Being I'm not fully versed in them all, I'll just toss up some links
and let you decide which might work the best. =)

PHLAK (Pro Hackers Linux Assult Kit)
 - http://www.phlak.org/

Penguin Sleuth
 - http://www.linux-forensics.com/

Knoppix-std (Security Tools Distrobution
 - http://www.knoppix-std.org/

L.A.S. (Local Area Security)
 - http://www.localareasecurity.com/

NST (Network Security Toolkit
 - http://www.networksecuritytoolkit.org/

Those are my favs. I saved the best link for last however. Some quick
"CTRL+F" searching on this page should prove to be quite useful...

List of Live CDs (Linux, all types)
 - http://www.frozentech.com/content/livecd.php

Best of luck in your quest. I've had quite a bit of luck with both
Penguin Sleuth and PHLAK when it comes to data forensics. There was
another one that I wish I could remember... it was posted to this
list. It's bookmarked on a different system unfortunately.

Finally, hopefully Harlan Carvey will pipe up and share his expertise.
See http://www.windows-ir.com/ for more info.

--
Peace. ~G


On 4 Oct 2004 17:44:06 -0000, Dana Rawson <absolutezero273c () nzoomail com> wrote:



G'Day All,

Before I begin, I wanted to thank everyone who had provided me with direction on my last post regarding pgp.

Hopefully I have as simple a question as before.

I have a client who recently had to terminate an employee and part of their decision was based on dereliction of 
duty.  Basically too much time spent surfing the internet and not performing her expected duties.

They have asked me to gather the internet history, temporary internet directory files, etc.

I can pull up the files, archive them and explain the information to them.  But how do I go about extracting the 
information (i.e. The internet address of the many files that lie in the temp internet dir) so I am able to present 
it in acceptable fashion that they might use it in a court of law as evidence should it come to that.

I have been looking but can't seem to find what I think I need.  I have located tools on 
http://www.networkintrusion.co.uk/fortools.htm

 and see that NetAnalysis might prove useful but appears to be overkill.  Or is this exactly what I need?

Thanks in advance, again.

Current thread:

forensics tools - preserving data? Dana Rawson (Oct 04)
- Re: forensics tools - preserving data? GuidoZ (Oct 05)
- RE: forensics tools - preserving data? Oscar Kooijman (Oct 05)
- Re: forensics tools - preserving data? Barrie Dempster (Oct 06)
- <Possible follow-ups>
- RE: forensics tools - preserving data? Beauford, Jason (Oct 06)
  - Re: forensics tools - preserving data? GuidoZ (Oct 06)
- RE: forensics tools - preserving data? Ghaith Nasrawi (Oct 06)
- Re: forensics tools - preserving data? H Carvey (Oct 07)
  - Re: forensics tools - preserving data? GuidoZ (Oct 08)