Security Incidents mailing list archives

Reply: Re: Forensics CD (was: Re: Strange Folder


From: oliver.biermann () mobilcom de
Date: Wed, 9 Oct 2002 08:13:03 +0200

Hi Guys,

At a workshop on digital forensics I learned about some
tools, which comprise "The Coroner's Toolkit".

Anyway, here are my suggestions for a tool CD:

Linux/Unix (All self-compiled and trusted):
/bin: 
last,lastcomm,who,w,ps,netstat,lsof,arp,nc,netcat,dd,des,cryptcat,md5sum,cat,find,strings,lsmod,rpcinfo,grep,less,vi,perl,ifconfig,kill,tcpdump,diff,du,mv,showmount,top,uname,uptime,fdisk,gzip
/TCT-Tools: grave-robber,pcat,ils,icat,unrm,lazarus,mactime
/TCT-Utils: fls,istat,bcat,blockcalc,autopsy

Windows:
psloggedon,psfile,pslist,fport,dumpevt,ntlast,
(IRCR Incident Response Collection Report)

Regards,
Olli

BTW: This is the coolest topic in months...

-- 
***********************************************
Oliver Biermann  -  MIT Security 
Mobilcom Corporate IT - Büdelsdorf 
Tel: +49 4331 4472124 - Fax: -2200
***********************************************
Fingerprint: FC19 7F6D 4405 EF4F AE25 96CD 8DAB B7D6 F3B6 9F01
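As an added example (not code from Oliver's or Chet's mail), here is a POSIX sh sketch of how a "self-compiled and trusted" tool CD can be hash-verified before any tool from it is run, and then used by absolute path for volatile-data collection. The $CD/bin plus $CD/MD5SUMS layout, the stub tools and the demo are constructed assumptions; md5sum, grep and basename are taken from the caller's PATH here, whereas on a suspect host you would call the CD's own copies.

```shell
#!/bin/sh
# Added example, not code from the thread: Oliver's list is "all self-compiled
# and trusted", so hash every tool on the build host and re-check the hashes
# before any tool is run. Assumed layout: $CD/bin binaries, $CD/MD5SUMS manifest.

# Run once on the trusted build host, just before burning the CD.
build_manifest() {
    (cd "$1/bin" && md5sum ./*) > "$1/MD5SUMS"
}

# Nonzero if any tool was altered or removed, or if a binary appeared in
# bin/ that the manifest never covered.
verify_toolkit() {
    cd_dir=$(cd "$1" && pwd)
    (cd "$cd_dir/bin" && md5sum -c "$cd_dir/MD5SUMS" >/dev/null 2>&1) || return 1
    for f in "$cd_dir"/bin/*; do
        grep -q " \./$(basename "$f")\$" "$cd_dir/MD5SUMS" || return 1
    done
}

# Collect volatile data first, calling each tool from the CD by absolute path
# so a trojaned host $PATH is never consulted; hash the outputs afterwards.
collect_volatile() {
    cd_dir=$(cd "$1" && pwd); out=$2
    verify_toolkit "$cd_dir" || return 1      # refuse to run untrusted tools
    mkdir -p "$out"
    for tool in uptime who w last ps netstat lsof arp; do
        [ -x "$cd_dir/bin/$tool" ] || continue
        "$cd_dir/bin/$tool" > "$out/$tool.txt" 2>&1 || true
    done
    (cd "$out" && md5sum ./*.txt) > "$out/MD5SUMS"
}

# Self-check on a constructed fake CD with two stub "tools"; one is then
# tampered with. Returns 0 only if the clean CD passes and the altered one fails.
demo() {
    tmp=$(mktemp -d); mkdir -p "$tmp/cd/bin"
    for t in who netstat; do
        printf '#!/bin/sh\necho "stub %s output"\n' "$t" > "$tmp/cd/bin/$t"
        chmod +x "$tmp/cd/bin/$t"
    done
    build_manifest "$tmp/cd" && verify_toolkit "$tmp/cd" || return 1
    collect_volatile "$tmp/cd" "$tmp/evidence" || return 1
    [ -s "$tmp/evidence/who.txt" ] || return 1
    echo '# one extra byte is enough' >> "$tmp/cd/bin/netstat"   # tamper
    if verify_toolkit "$tmp/cd"; then return 1; fi
    rm -rf "$tmp"
}
demo && echo "toolkit manifest check: OK"
```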

"Chet Uber" <chet.uber () cox net>
08.10.02 07:32
Please reply to "Chet Uber"

        To:     "Meritt James" <meritt_james () bah com>, "Neil Dickey" <neil () geol niu edu>
        Cc:     <incidents () securityfocus com>, <rootman22 () attbi com>
        Subject:  Re: Forensics CD (was: Re: Strange Folder


REAL good suggestion!  Any specific recommendations as to what should be
on the CD?

Jim

Neil Dickey wrote:

It's a good idea to have a kit of such tools on a read-only
CD in advance of an incident like this, so that you have
tools you know you can trust -- that haven't been trojanned
-- ready to use.  It's rather like the instructions in a
snake-bite kit.  You want to be familiar with them *before*
Mr. Snake has his way with you.

I think you would be very impressed with the SpareMe! Super CD found at
http://www.securityposture.com, which is based on the WG distribution from
Fred Cohen and Associates at http://www.all.net. It is specifically designed
for these tasks and is a mature distribution which includes wireless
support. We have a version with the ForensiX toolkit and training CD as well.

Regards,

Chet Uber



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com




