Full Disclosure mailing list archives
Forensics CD
From: "Schmehl, Paul L" <pauls () utdallas edu>
Date: Wed, 23 Apr 2003 10:49:45 -0500
Thanks to everyone that's emailed me privately as well as those who have responded to the list. I should have been more clear about what I was looking for. :-)

I've downloaded and created a boot CD using FIRE. That's a really nice compilation of useful programs. However, I also have to create a CD that can be used without having to reboot. In some cases we may not want to take a machine offline until we're certain that it's compromised. Thus the need for a CD of utilities that can be used to do preliminary testing.

I found a place on the web that had statically compiled programs for Linux 2.2 and 2.4 and Solaris 2.7. I'm probably going to end up compiling static copies for other OSes as well.

The following is a list of utilities that I think would be useful. I invite comments, additions, subtractions from this list. Is there anything missing? Keep in mind, this is for a preliminary inspection (including md5 checksum work) without taking a machine offline for an in-depth forensic analysis. I'll also include chkrootkit and tct as well, just for completeness.

To answer one question - at this point I don't know if this will be made publicly available. It *may* be, but there's a lot of work to be done before I get to that point.

bindshell
cat
chfn
chgrp
chmod
chown
chroot
chsh
cp
cpio
cut
date
df
dig
du
echo
env
file
find
grep
ifconfig
inetd
infingerd
less
login
ls
lsof
md5sum
more
netstat
passwd
ping
ps
rpcinfo
rpm
rshd
strace (ktrace, etc.)
sshd
strings
syslogd
sz
tar
telnetd
top
traceroute
vi
whois

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
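The post describes two jobs for such a CD: trusting only the statically linked tools on the read-only media rather than anything in the suspect host's PATH, and doing md5 checksum work on a live system. The script below is an added example of how a wrapper for that workflow can look; it is not part of the original post or of FIRE. The mount point /mnt/cdrom/bin, the manifest file name, the output directory and the tool list with its arguments are assumptions. md5sum is used to match the post; on a current system sha256sum is the better choice. Note the usual caveat for live response: static binaries avoid trojaned shared libraries and a trojaned /bin, but they still run on the suspect kernel, so a kernel-level rootkit can lie to ps, netstat and lsof just the same. The integrity check recomputes a full manifest and compares it rather than using md5sum -c, so files added to the tool directory are noticed as well as files changed.

```shell
#!/bin/sh
# Live-response helper for a CD of static binaries.
# Added example; not from the original post. Mount point, manifest
# location, output directory and tool list are assumptions.

CD_BIN="${CD_BIN:-/mnt/cdrom/bin}"   # assumed mount point of the static tools

# Hash with the CD's own md5sum when present; otherwise fall back to the
# host binary and say so, because that binary is exactly what we distrust.
if [ -x "$CD_BIN/md5sum" ]; then
    MD5="$CD_BIN/md5sum"
else
    MD5="${MD5:-md5sum}"
    echo "warning: $CD_BIN/md5sum not found, using host md5sum (untrusted)" >&2
fi

# make_manifest DIR OUT: md5 of every regular file under DIR, sorted by path.
# Keep OUT outside DIR, or it would be hashed while being written.
make_manifest() {
    dir="$1"; out="$2"
    ( cd "$dir" && find . -type f -exec "$MD5" {} + | sort -k 2 ) > "$out"
}

# verify_manifest DIR MANIFEST: recompute and compare the whole manifest.
# Unlike "md5sum -c", this also flags files that were added or removed.
# Prints the differing entries; returns 0 only if everything matches.
verify_manifest() {
    dir="$1"; manifest="$2"
    tmp=$(mktemp)
    make_manifest "$dir" "$tmp"
    if cmp -s "$manifest" "$tmp"; then
        rm -f "$tmp"
        return 0
    fi
    echo "integrity mismatch in $dir:" >&2
    diff "$manifest" "$tmp" | grep '^[<>]' >&2 || true
    rm -f "$tmp"
    return 1
}

# collect_volatile OUTDIR: snapshot volatile state with the CD's tools,
# one file per tool, then hash the snapshot so the evidence itself is
# recorded. Tools missing from the CD are skipped, never taken from PATH.
collect_volatile() {
    outdir="$1"
    mkdir -p "$outdir"
    while read -r name cmd; do
        set -- $cmd
        tool="$1"; shift
        if [ ! -x "$CD_BIN/$tool" ]; then
            echo "skip: $tool not on CD" >&2
            continue
        fi
        "$CD_BIN/$tool" "$@" > "$outdir/$name.txt" 2>&1 || true
    done <<EOF
date date
uptime uptime
ps ps auxww
netstat netstat -anp
lsof lsof -n -P
ifconfig ifconfig -a
EOF
    make_manifest "$outdir" "$outdir.md5"
}

# Usage (assumed layout): manifest.md5 lives next to bin/ on the CD.
#   sh live.sh verify                  # check the tools before trusting them
#   sh live.sh collect /tmp/evidence   # then snapshot volatile state
case "${1:-}" in
    verify)  verify_manifest "$CD_BIN" "${2:-$CD_BIN/../manifest.md5}" ;;
    collect) collect_volatile "${2:?output directory required}" ;;
esac
```

Run verify before anything else: if the tool directory on the media does not match the manifest made at build time, nothing else the CD reports can be trusted. The manifest should be built on a clean machine and kept, for example, on a separate write-once copy, since an attacker who can alter the CD image can alter a manifest stored beside it.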
Current thread:
- Forensics CD Schmehl, Paul L (Apr 23)
- Re: Forensics CD Volker Kindermann (Apr 23)