Re: Use of Rapier / RPier

[Zach Jansen <zjanse20 () CALVIN EDU>]

I haven't used RAPIER as of yet so I can't speak to it's usefulness. I have been playing around with the MIR-ROR script 
here: http://mirror.codeplex.com/  It uses mostly sysinternals tools to grab information. It's actually just a batch 
script, so it's not fancy but it's easy to update and modify. It's also focuses solely on malware type incidents, so if 
you need something that grabs browser history or system memory, you'll be adding those components yourself. 

If you have some funds available the Live Response drive from e-fense looks intriguing. I haven't used it extensively, 
but from some small use it seems to be a nice packaging of tools to grab standard incident response data. 


Zach
-- 

Zach Jansen
Information Security Officer
Calvin College
Phone: 616.526.6776
Fax: 616.526.8550

> > > On 7/17/2009 at 12:04 PM, in message
<4CEC4454520FE64BB1A2A9C03B8A8EFD04684E49 () svits26 main ad rit edu>, James Moore
<jhmiso () RIT EDU> wrote:
> I didn't have a chance to look at Rapier until recently.  And, as is
> often the case, the opportunity to learn new tools comes from a need,
> where things in my existing toolbox don't quite fit.  
>
> Is there a place it is being maintained other than
> http://code.google.com/p/rapier/, or does it still work pretty well (and
> on which versions of Windows).  
>
> The package on code.google.com shows that it is missing files when run.
> What does that mean, from a practical view, from people who use rapier?
> I am ignoring those things for now.  But I wonder if Rapier is worth
> learning, or if I should look for a better live incident response tool
> that gathers some initial stats. (And is there one?)
>
> Jim
>
>
> - - - -
> Jim Moore, CISSP, IAM
> Senior Information Security Forensic Investigator
> Rochester Institute of Technology
> 151 Lomb Memorial Drive
> Rochester, NY 14623-5603
> (585) 475-5406 (office)
> (585) 255-0809 (Cell - Incident Reporting & Emergencies)
> (585) 475-7920 (fax)
>
>
> If you consciously try to thwart opponents, you are already late.
> Miyamoto Musashi, Japanese philosopher/samurai, 1645
>
>
> Risk comes from not knowing what you're doing. -Warren Buffet
>
> CONFIDENTIALITY NOTE: The information transmitted, including
> attachments, is intended only for the person(s) or entity to which it is
> addressed and may contain confidential and/or privileged material. Any
> review, retransmission, dissemination or other use of, or taking of any
> action in reliance upon this information by persons or entities other
> than the intended recipient is prohibited. If you received this in
> error, please contact the sender and destroy any copies of this
> information