Educause Security Discussion mailing list archives

Re: Use of Rapier / RPier


From: "Gargac. Jeff" <jgargac () MARYVILLE EDU>
Date: Sat, 18 Jul 2009 14:27:47 -0500

James,

Some of the files that are missing may be for modules whose tools haven't been included with the Rapier program due 
to licensing restrictions.  You may have to download the individual programs separately and copy them into the Rapier 
folder.  I believe that these modules appear in red if the files are missing.

I have tested it on Windows XP successfully.  However, certain tools may require administrator rights to run properly.

The tools that you use for live response will vary depending on the information that you need to acquire and the 
footprint that they leave on the system.  I would suggest that you look at the Helix Live CD as well.  They have moved 
to a subscription program, but you may be able to find a mirror that still hosts the free version of the CD.  Feel free 
to contact me directly if you need more information. 

Jeff Gargac
Microcomputer and Security Specialist
Maryville University of Saint Louis
650 Maryville University Drive
Saint Louis, MO  63141
314-529-9226 (Office)
314-529-9976 (Fax)
jgargac () maryville edu

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of James 
Moore
Sent: Friday, July 17, 2009 11:05 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Use of Rapier / RPier

I didn't have a chance to look at Rapier until recently.  And, as is
often the case, the opportunity to learn new tools comes from a need,
where things in my existing toolbox don't quite fit.  

Is there a place it is being maintained other than
http://code.google.com/p/rapier/, or does it still work pretty well (and
on which versions of Windows)?

The package on code.google.com shows that it is missing files when run.
What does that mean, from a practical view, from people who use rapier?
I am ignoring those things for now.  But I wonder if Rapier is worth
learning, or if I should look for a better live incident response tool
that gathers some initial stats. (And is there one?)

Jim


- - - -
Jim Moore, CISSP, IAM
Senior Information Security Forensic Investigator
Rochester Institute of Technology
151 Lomb Memorial Drive
Rochester, NY 14623-5603
(585) 475-5406 (office)
(585) 255-0809 (Cell - Incident Reporting & Emergencies)
(585) 475-7920 (fax)


If you consciously try to thwart opponents, you are already late.
Miyamoto Musashi, Japanese philosopher/samurai, 1645


Risk comes from not knowing what you're doing. -Warren Buffett
