Re: Break-in discovery and forensics tools

[Michael <mike () megaglobal net>]

> > > pauls () utdallas edu wrote a 1.1KB message. i replied ................................
> I've been tasked with putting together a CD of tools that can be used
> for analysis of hacked machines.  These would be both tools that can
> determine if a program is trojaned or a file has been altered as well as
> tools that could be used to save forensics data for possible
> prosecution.

Check out FIRE (which used to be called biatchux)..
Maybe that will save you some time..
http://fire.dmzs.com/

-M.


> Other than Dan and Wietse's TCT, what tools do you think should be
> included?
>
> I envision this CD as having several directories, each one being for a
> particular platform (Windows, RedHat, Solaris, HP-UX, etc.).  In those
> directories would be versions of TCT compiled for that platform and
> utilities such as ls, ps, file, ifconfig, strings, etc.  Possibly also a
> file with MD5 checksums for OS files that are commonly altered.
>
> If you were starting from a blank slate, what would you think are the
> must have tools for this CD?  How would you set it up?
>
> Paul Schmehl (pauls () utdallas edu)
> Adjunct Information Security Officer
> The University of Texas at Dallas
> AVIEN Founding Member
> http://www.utdallas.edu/~pauls/
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

-- 

--
 Michael Jastremski  | Network Engineer
 Megaglobal Networks | Megaglobal.net
 Open Photo Project  | Openphoto.net
 West Philadelphia   | Westphila.net

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html