Educause Security Discussion mailing list archives
Re: Use of Rapier / RPier
From: Zach Jansen <zjanse20 () CALVIN EDU>
Date: Fri, 17 Jul 2009 13:31:38 -0400
I haven't used RAPIER as of yet so I can't speak to its usefulness. I have been playing around with the MIR-ROR script here: http://mirror.codeplex.com/

It uses mostly Sysinternals tools to grab information. It's actually just a batch script, so it's not fancy but it's easy to update and modify. It also focuses solely on malware type incidents, so if you need something that grabs browser history or system memory, you'll be adding those components yourself.

If you have some funds available the Live Response drive from e-fense looks intriguing. I haven't used it extensively, but from some small use it seems to be a nice packaging of tools to grab standard incident response data.

Zach

--
Zach Jansen
Information Security Officer
Calvin College
Phone: 616.526.6776
Fax: 616.526.8550

On 7/17/2009 at 12:04 PM, in message
<4CEC4454520FE64BB1A2A9C03B8A8EFD04684E49 () svits26 main ad rit edu>, James Moore <jhmiso () RIT EDU> wrote:
I didn't have a chance to look at Rapier until recently. And, as is often the case, the opportunity to learn new tools comes from a need, where things in my existing toolbox don't quite fit.

Is there a place it is being maintained other than http://code.google.com/p/rapier/, or does it still work pretty well (and on which versions of Windows)?

The package on code.google.com shows that it is missing files when run. What does that mean, from a practical view, from people who use rapier? I am ignoring those things for now. But I wonder if Rapier is worth learning, or if I should look for a better live incident response tool that gathers some initial stats. (And is there one?)

Jim

- - - -
Jim Moore, CISSP, IAM
Senior Information Security Forensic Investigator
Rochester Institute of Technology
151 Lomb Memorial Drive
Rochester, NY 14623-5603
(585) 475-5406 (office)
(585) 255-0809 (Cell - Incident Reporting & Emergencies)
(585) 475-7920 (fax)

If you consciously try to thwart opponents, you are already late.
Miyamoto Musashi, Japanese philosopher/samurai, 1645

Risk comes from not knowing what you're doing.
-Warren Buffet

CONFIDENTIALITY NOTE: The information transmitted, including attachments, is intended only for the person(s) or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and destroy any copies of this information