Re: digital forensic software

[Susan Bradley <sbradcpa () pacbell net>]

Windows Incident Response: How Did THAT Get There???:
http://windowsir.blogspot.com/2010/02/how-did-that-get-there.html
Windows Incident Response: Forensic Analysis and Intel Gathering:
http://windowsir.blogspot.com/2010/02/forensic-analysis-and-intel-gathering.html


You guys want to get in to prove to the customer they have weak links.  
Guys like Harlon want to understand how you (and others) get in.

Watching both lists there's definitely overlap.

Susan Bradley wrote:
> Erin Carroll wrote:
> > Obviously the moderator was smoking crack.
> >
> > Seriously however, forensic tools are very useful for pen-testing,
> > especially if you're deconstructing malware or bytecode to poke at the inner
> > workings and see how an infection or rootkit is established. I'm sure I'm
> > not alone in picking up new malware and letting it loose in a controlled lab
> > and then using forensic tools to analyze the aftermath. In many cases, it's
> > easier to pick up a known malware payload and modify it for your particular
> > penetration test target. Doing so without forensic analysis of your
> > modifications before turning it loose on a target client system to ensure
> > you are fully aware of the implications is foolhardy.
> >
> > That's just one example for how forensic tools can be useful to pen-testing.
> > While this particular post I let through may be more appropriate to the
> > forensics list, there is value here for pen-testers as well... and I would
> > assume responses from list members would focus on those forensic tools which
> > have capabilities that are more useful for pen-test application vs. law
> > enforcement and chain of evidence.
> >
> >
> > --
> > Erin Carroll
> > Moderator, SecurityFocus pen-test mailing list
> > "Do Not Taunt Happy-Fun Ball"
> >
> >
> >   
> > > -----Original Message-----
> > > From: listbounce () securityfocus com
> > > [mailto:listbounce () securityfocus com] On Behalf Of Daniel Clemens
> > > Sent: Monday, February 22, 2010 2:55 PM
> > > To: David Hanson
> > > Cc: pen-test
> > > Subject: Re: digital forensic software
> > >
> > >
> > > On Feb 19, 2010, at 7:53 AM, David Hanson wrote:
> > >
> > >     
> > > > What are your top 3 open source digital forensic software tools and
> > > >       
> > > why?
> > >     
> > > > If you have never used such tools some can be found here;
> > > >
> > > >
> > > >
> > > > http://www.masterkeylinux.com/index.php/home and
> > > >       
> > > http://www.opensourceforensics.org/index.html but there are others.
> > >
> > > Dear Moderator,
> > >
> > > No offense but how on earth did this get posted on the list.
> > >
> > > How is this ON-Topic for the pentest mailing list?
> > >
> > > | Daniel Uriah Clemens
> > > | Packetninjas L.L.C | | http://www.packetninjas.net
> > > | c. 205.567.6850      | | o. 866.267.8851
> > > "Moments of sorrow are moments of sobriety"
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > -----------------------------------------------------------------------
> > > -
> > > This list is sponsored by: Information Assurance Certification Review
> > > Board
> > >
> > > Prove to peers and potential employers without a doubt that you can
> > > actually do a proper penetration test. IACRB CPT and CEPT certs require
> > > a full practical examination in order to become certified.
> > >
> > > http://www.iacertification.org
> > > -----------------------------------------------------------------------
> > > -
> > >     
> >
> >
> > ------------------------------------------------------------------------
> > This list is sponsored by: Information Assurance Certification Review Board
> >
> > Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. 
> >
> > http://www.iacertification.org
> > ------------------------------------------------------------------------
> >
> >
> >   

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------