Educause Security Discussion mailing list archives

Re: Use of Rapier / RPier


From: Guy Pace <gpace () SBCTC EDU>
Date: Fri, 17 Jul 2009 09:33:54 -0700

Yes, RAPIER is a good tool and useful. Based on Russ McRee's tutorials (from the 2007 ISSA Journal -- 
http://holisticinfosec.org/toolsmith/docs/february2007.pdf) available online, you can set up the tool suite on a USB. 
It should function on any Windows XP or Vista 32-bit platform, as far as I've been able to determine. I haven't tried 
it on a 64-bit Windows, but I suspect some parts may work and some parts may not. Yes, there are a few files missing 
from the code site. Look in the required files text file to ferret out what you still need, and Google to find the rest. 
McRee's tutorial provides some additional information.

There hasn't been a lot of work done on the product since 3.2, as you can see, since 2007 and the links in the Google 
code site for Intel and the development group go nowhere now. Some of the missing files are being maintained elsewhere 
and have been improved since then. I recommend reading Russ' article. It provides a practical solution using RAPIER and 
the tool is viable until the whole world goes 64-bit.

Guy L. Pace, CISSP 
Security Administrator
Information Technology Division
WA State Board for Community and Technical Colleges (SBCTC) 
3101 Northup Way, Suite 100 
Bellevue, WA 98004 
425-803-9724 
gpace () sbctc edu 


-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of James 
Moore
Sent: Friday, July 17, 2009 9:05 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Use of Rapier / RPier

I didn't have a chance to look at Rapier until recently.  And, as is
often the case, the opportunity to learn new tools comes from a need,
where things in my existing toolbox don't quite fit.  

Is there a place it is being maintained other than
http://code.google.com/p/rapier/, or does it still work pretty well (and
on which versions of Windows)?

The package on code.google.com shows that it is missing files when run.
What does that mean, from a practical view, from people who use rapier?
I am ignoring those things for now.  But I wonder if Rapier is worth
learning, or if I should look for a better live incident response tool
that gathers some initial stats. (And is there one?)

Jim


- - - -
Jim Moore, CISSP, IAM
Senior Information Security Forensic Investigator
Rochester Institute of Technology
151 Lomb Memorial Drive
Rochester, NY 14623-5603
(585) 475-5406 (office)
(585) 255-0809 (Cell - Incident Reporting & Emergencies)
(585) 475-7920 (fax)


If you consciously try to thwart opponents, you are already late.
Miyamoto Musashi, Japanese philosopher/samurai, 1645


Risk comes from not knowing what you're doing. -Warren Buffett

