RE: Microsoft GhostBuster Opinions

["Todd Towles" <toddtowles () brookshires com>]

Dan wrote:
>     I agree that that this can be done currently with open 
> source (or at least free) tools currently.  Basically what 
> GhostBuster was meant to do as far as I can tell, was to 
> simply automate currently available tools. 
> With Linux it would be simple to come up with a complety open 
> source solution that would work great and could be easily 
> downloaded as an ISO.  I suppose this may be possible with 
> Knoppix, but the whole captive needing to find an NTFS driver 
> thing kind of slows the whole thing down.  It seems that the 
> best solution for a Windows tool would be to create a BartPE 
> plugin that would do the trick.

Yep, BartPE plug-in would be sweet. Microsoft has a free file MD5 hash
tool (http://support.microsoft.com/default.aspx?scid=kb;en-us;841290)
that can be used to build MD5 hashes for the whole directory. Just need
to write a BAT that takes a input Hash listing ( on-line ditry version)
and compares it to the new hash listing (off-line clean version). Just a
idea.

Maybe this is what Microsoft is creating, just hiding all these steps in
a new free tool - which is made of current free tools. Don't know.

-Todd

 
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://www.secunia.com/