Penetration Testing mailing list archives
RE: digital forensic software
From: "Erin Carroll" <amoeba () amoebazone com>
Date: Mon, 22 Feb 2010 16:13:08 -0800
Obviously the moderator was smoking crack.

Seriously however, forensic tools are very useful for pen-testing, especially if you're deconstructing malware or bytecode to poke at the inner workings and see how an infection or rootkit is established. I'm sure I'm not alone in picking up new malware and letting it loose in a controlled lab and then using forensic tools to analyze the aftermath. In many cases, it's easier to pick up a known malware payload and modify it for your particular penetration test target. Doing so without forensic analysis of your modifications before turning it loose on a target client system to ensure you are fully aware of the implications is foolhardy. That's just one example of how forensic tools can be useful to pen-testing.

While this particular post I let through may be more appropriate to the forensics list, there is value here for pen-testers as well... and I would assume responses from list members would focus on those forensic tools which have capabilities that are more useful for pen-test application vs. law enforcement and chain of evidence.

--
Erin Carroll
Moderator, SecurityFocus pen-test mailing list
"Do Not Taunt Happy-Fun Ball"
-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Daniel Clemens
Sent: Monday, February 22, 2010 2:55 PM
To: David Hanson
Cc: pen-test
Subject: Re: digital forensic software

On Feb 19, 2010, at 7:53 AM, David Hanson wrote:

> What are your top 3 open source digital forensic software tools and why?
> If you have never used such tools some can be found here;
> http://www.masterkeylinux.com/index.php/home and
> http://www.opensourceforensics.org/index.html but there are others.

Dear Moderator,

No offense but how on earth did this get posted on the list? How is this ON-Topic for the pentest mailing list?

| Daniel Uriah Clemens
| Packetninjas L.L.C | | http://www.packetninjas.net
| c. 205.567.6850 | | o. 866.267.8851
"Moments of sorrow are moments of sobriety"

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------