Penetration Testing mailing list archives

RE: digital forensic software


From: "Erin Carroll" <amoeba () amoebazone com>
Date: Mon, 22 Feb 2010 16:13:08 -0800

Obviously the moderator was smoking crack.

Seriously, however, forensic tools are very useful for pen-testing,
especially if you're deconstructing malware or bytecode to poke at the inner
workings and see how an infection or rootkit is established. I'm sure I'm
not alone in picking up new malware and letting it loose in a controlled lab
and then using forensic tools to analyze the aftermath. In many cases, it's
easier to pick up a known malware payload and modify it for your particular
penetration test target. Doing so without forensic analysis of your
modifications before turning it loose on a target client system to ensure
you are fully aware of the implications is foolhardy.

That's just one example of how forensic tools can be useful to pen-testing.
While this particular post I let through may be more appropriate to the
forensics list, there is value here for pen-testers as well... and I would
assume responses from list members would focus on those forensic tools which
have capabilities that are more useful for pen-test application vs. law
enforcement and chain of evidence.


--
Erin Carroll
Moderator, SecurityFocus pen-test mailing list
"Do Not Taunt Happy-Fun Ball"


-----Original Message-----
From: listbounce () securityfocus com
[mailto:listbounce () securityfocus com] On Behalf Of Daniel Clemens
Sent: Monday, February 22, 2010 2:55 PM
To: David Hanson
Cc: pen-test
Subject: Re: digital forensic software


On Feb 19, 2010, at 7:53 AM, David Hanson wrote:

What are your top 3 open source digital forensic software tools and
why?



If you have never used such tools, some can be found here:

http://www.masterkeylinux.com/index.php/home and
http://www.opensourceforensics.org/index.html but there are others.

Dear Moderator,

No offense, but how on earth did this get posted on the list?

How is this ON-Topic for the pentest mailing list?

| Daniel Uriah Clemens
| Packetninjas L.L.C | | http://www.packetninjas.net
| c. 205.567.6850      | | o. 866.267.8851
"Moments of sorrow are moments of sobriety"

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs require
a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

