Security Incidents mailing list archives
Antwort: Re: Forensics CD (was: Re: Strange Folder
From: oliver.biermann () mobilcom de
Date: Wed, 9 Oct 2002 08:13:03 +0200
HI Guys, on a workshop for digital forensics I learned about some tools, which comprises "The Doroners Toolkit" Anyway, here are my suggestions for a tool CD: Linx/Unix (All self-compiled and trusted): /bin: last,lastcomm,who,w,ps,netstat,lsof,arp,nc,netcat,dd,des,cryptcat,md5sum,cat,find,strings,lsmod,rpcinfo,grep,less,vi,perl,ifconfig,kill,tcpdump,diff,du,mv,showmount,top,uname,uptime,fdisk,gzip /TCT-Tools: grave-robber,pcat,ils,icat,unrm,lazarus,mactime /TCT-Utils: fls,istat,bcat,blockcalc,autopsy Windows: psloggedon,psfile,pslist,fport,dumpevt,ntlast, (IRCR Incident Response Collection Report) Regards, Olli BTW: This is the most cool topic in months..... -- *********************************************** Oliver Biermann - MIT Security Mobilcom Corporate IT - Büdelsdorf Tel: +49 4331 4472124 - Fax: -2200 *********************************************** Fingerprint: FC19 7F6D 4405 EF4F AE25 96CD 8DAB B7D6 F3B6 9F01 "Chet Uber" <chet.uber () cox net> 08.10.02 07:32 Bitte antworten an "Chet Uber" An: "Meritt James" <meritt_james () bah com>, "Neil Dickey" <neil () geol niu edu> Kopie: <incidents () securityfocus com>, <rootman22 () attbi com> Thema: Re: Forensics CD (was: Re: Strange Folder
REAL good suggestion! Any specific recommendations as to what should be on the CD? Jim Neil Dickey wrote:It's a good idea to have a kit of such tools on a read-only CD in advance of an incident like this, so that you have tools you know you can trust -- that haven't been trojanned -- ready to use. It's rather like the instructions in a snake-bite kit. You want to be familiar with them *before* Mr. Snake has his way with you.
I think you would be very impressed with the SpareMe! Super CD found at http://www.securityposture.com, which is based on the WG distribution from Fred Cohen and Associates at http://www.all.net. It is specifically designed for these tasks and is a mature distribution which includes wireless support. We have a version with with the ForensiX toolkit and training CD as well. Regards, Chet Uber ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Antwort: Re: Forensics CD (was: Re: Strange Folder oliver . biermann (Oct 09)