Full Disclosure mailing list archives

RE: Imaging Operating Systems


From: "Perrymon, Josh L." <PerrymonJ () bek com>
Date: Wed, 26 May 2004 17:13:41 -0500

I agree with Shawn:

VMWare is the weapon of choice for this.

I have a couple of boxes set up in my lab w/ VMWare and have several OS's on
there.
I just crashed one today messing with Windows permission and just reverted to
a saved copy in a matter of minutes.

In fact- I'm testing a VMWare right now-

I set up a syslog client ( sabernet.net ) on it and have it going to a FreeBSD
box ( syslog )-
I'm tailing /var/log/messages with swatch looking for logon failures/
success and emailing that to me.

My 2 marks worth :)
JP

-----Original Message-----
From: James Riden [mailto:j.riden () massey ac nz]
Sent: Wednesday, May 26, 2004 4:24 PM
To: mbs () mistrealm com
Cc: Full-Disclosure
Subject: Re: [Full-disclosure] Imaging Operating Systems


Michael Schaefer <mbs () mistrealm com> writes:

> Hi all
>
> We are building a Windows test system, to try out tool bars, spy ware,
> malware and trojans on.
>
> Once we learn what we need to know, we obviously want to get rid of
> the junk quickly and cleanly.
>
> I keep hearing suggestions about having a "clean image" to transfer
> onto the computer.
>
> Can anyone send some details?

Ghost or Altiris can do this for you.

-- 
James Riden / j.riden () massey ac nz / Systems Security Engineer
Information Technology Services, Massey University, NZ.
GPG public key available at: http://www.massey.ac.nz/~jriden/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
