Security Incidents mailing list archives
Re: Computer Forsenics-> www.fish.com/forensics
From: mike () STAR1 SIRIUS COM (mike)
Date: Mon, 3 Jan 2000 14:01:18 -0800
On Mon, 3 Jan 2000, System Administrator wrote:
Hi, My apologies to everyone who has sent me mail asking for more information on computer forsenics, some y2k came up ;). I will write up a short document explaining what I was talking about, how it is done (recovering files that were deleted and so forth), "timetravelling", freezing a scene, and other analysis methods as well as the tools needed to do the job. This will not be a detailed write up, but will give you a heads up on what you can do (Dont wanna put myself out of a job anytime soon).
Sorry if this is off-topic but it's incident-reponse related: Dan Farmer and Wietse Venema did a forensics lecture: http://www.fish.com/forensics/ It mentions The Coroner's Toolkit (TCT) which I have seen a beta copy of. I don't believe it's been released yet (supposed to have been released last year). Happy New Years folks, -Mike
Current thread:
- Re: port 119, (continued)
- Re: port 119 Thomas Molina (Jan 04)
- Re: port 119 Vince Vielhaber (Jan 05)
- Ports 25092 / 20869 Vanja Hrustic (Jan 04)
- Re: Ports 25092 / 20869 Robert Graham (Jan 04)
- port 1150 and 4833 ? Kim R. Rasmussen (Jan 04)
- Re: port 1150 and 4833 ? Frameloss, Frameloss (Jan 10)
- Re: port 119 R a v e N (Jan 05)
- Re: port 119 Scott Laws (Jan 04)
- Writeup: it. TLD going astray Arrigo Triulzi (Jan 03)
- Computer Forsenics System Administrator (Jan 03)
- Re: Computer Forsenics-> www.fish.com/forensics mike (Jan 03)
- traceroute ICMP packets Laszlo Fabian (Jan 04)
- Re: traceroute ICMP packets M J (Jan 04)
- Re: traceroute ICMP packets Larry Canup (Jan 18)
- Re: ICMP time exceed in-transit packets Paul Cardon (Jan 02)
- Re: Port Scan on 371... Etaoin Shrdlu (Jan 02)
- Re: Port Scan on 371... Christopher Wilson (Jan 02)
- correlation between porscans and local activity Thomas Molina (Jan 02)