Educause Security Discussion mailing list archives

Re: Forensics Tools


From: Kevin Wilcox <wilcoxkm () APPSTATE EDU>
Date: Tue, 23 Sep 2014 11:39:46 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


On 23/09/14, 11:17, Thomas Carter wrote:

> I'm looking for good forensics tools for dealing with an
> individual's laptop. Specifically looking for changes/deletions/etc.
> I do realize the minefield this can be, and will be done at
> the request of, and in conjunction with, the HR department and
> school lawyers. Are there any packages anyone has used in the past
> they can recommend?

I am a BIG fan of the tools in the SANS SIFT. log2timeline is
_incredible_ for that use.

kmw
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)

iEYEARECAAYFAlQhlEIACgkQsKMTOtQ3fKEjzwCfW/7Le30ozCIZP87SLJvwjjnt
7tEAoLEulf0GahsM3NeFbhWcyjqUd17k
=U5rn
-----END PGP SIGNATURE-----

