Security Incidents mailing list archives

RE: diagnose compromise on NT


From: "Hornat, Charles" <Charles_Hornat () standardandpoors com>
Date: Mon, 22 Jul 2002 11:53:56 -0400

The Coroner's Toolkit.  It's free and effective.  I also recommend the Autopsy Browser by @stake for a GUI front end to it.  The downloads can be found at:

http://www.porcupine.org/forensics/tct.html

and the browser can be found at:
http://www.atstake.com/research/tools/autopsy/

And the TASK kit from @stake that provides some additional tools:
http://www.atstake.com/research/tools/task/

Good Luck!

Charles

-----Original Message-----
From: Ingersoll, Jared [mailto:jared () cswv com]
Sent: Monday, July 22, 2002 7:50 AM
To: incidents () securityfocus com
Subject: diagnose compromise on NT


Does anyone know of any good tools that can be used on an NT 4.0 box to
(help) diagnose a system compromise? I've been playing around with inzider
with limited results.

Thanks,

Jared

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com


