Educause Security Discussion mailing list archives
Re: Forensics Tools
From: Kevin Wilcox <wilcoxkm () APPSTATE EDU>
Date: Tue, 23 Sep 2014 11:39:46 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 23/09/14, 11:17, Thomas Carter wrote:
I'm looking for good forensics tools for dealing with an individual's laptop. Specifically looking for changes /deletions /etc. I do realize the minefield this can be, and will be done at the request of, and in conjunction with, the HR department and school lawyers. Are there any packages anyone has used in the past they can recommend?
I am a BIG fan of the tools in the SANS SIFT. log2timeline is _incredible_ for that use. kmw -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) iEYEARECAAYFAlQhlEIACgkQsKMTOtQ3fKEjzwCfW/7Le30ozCIZP87SLJvwjjnt 7tEAoLEulf0GahsM3NeFbhWcyjqUd17k =U5rn -----END PGP SIGNATURE-----
Current thread:
- Forensics Tools Thomas Carter (Sep 23)
- FW: Forensics Tools Thomas Carter (Sep 23)
- Re: Forensics Tools Shawn Merdinger (Sep 23)
- Re: Forensics Tools Alex Waitkus (Sep 23)
- Re: Forensics Tools Kevin Wilcox (Sep 23)
- Re: Forensics Tools Juan Hernández Serrano (Sep 23)
- Re: Forensics Tools Bradley, Stephen (Sep 23)
- Re: Forensics Tools Kevin Wilcox (Sep 23)
- Re: Forensics Tools Daniels, Shane R (Sep 23)
- Re: Forensics Tools Ward, Michael (Sep 24)