Penetration Testing mailing list archives

Re: RE: digital forensic software


From: Dave Aitel <dave.aitel () gmail com>
Date: Tue, 23 Feb 2010 08:11:26 -0500

Ben is spot on here - we even include "grab process image" and "grab
all of physical memory" modules in CANVAS for these reasons. Also,
it's a lot easier to trojan a live memory image when you get one
remotely. And likewise, you want to make sure yours is the only kernel
trojan on the box.

-dave


On Mon, Feb 22, 2010 at 8:46 PM,  <ben.dexter () act gov au> wrote:
Forensic tools are a fantastic resource when pen-testing. If you can get your hands on physical hardware (laptop, 
desktop) then in the majority of circumstances you can pull out passwords, web history, email data...all the usual 
stuff you'd expect to find in a forensic investigation, but with the capability to then use that data in a 
pen-testing capacity. Some of the commercial tools also allow networking imaging, so if you've grabbed some 
credentials you can take a complete dd image of a workstation/server physical disk or attached device (usb, etc) over 
the network...

* FTK Imager (Free) Easy imaging in Win environment, will do DFS shares
* Helix 3 Pro (Pay) Images most things Win/Linux
* Encase/FTK/X-Ways (Pay) Imaging/Analysis. All have advantages and disadvantages. FTK is easy to use (if you can get 
it working), needs high-end hardware; Encase is very flexible, is the de facto industry standard (particularly with 
LE), but not so user friendly; X-Ways is the most cost effective and has a decent feature set.

Ben.

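Both posts turn on the same point: a raw dd image is only worth what its provenance is, and an image pulled over the network can be altered before anyone looks at it. The script below is an added example, not code from either poster or from any of the tools named above. It shows the minimal discipline a forensic imager applies: hash the source, copy it sector by sector with conv=noerror,sync, hash the copy, record both in an acquisition log, and re-verify the image later against the logged hash (for instance after transferring it). The device path, log format and the constructed 64-sector "disk" are assumptions made for the demo; on a real system the source would be a block device such as /dev/sdb.

```shell
#!/bin/sh
# Added example (not from the thread): raw acquisition with dd plus
# SHA-256 integrity recording and later re-verification. Paths, the log
# layout and the sample "disk" are assumptions for demonstration only.

hash256() {
    # Portable SHA-256 of a file: coreutils sha256sum, else perl/BSD shasum.
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# acquire_image SOURCE IMAGE LOG
# Copies SOURCE to IMAGE, appends hashes to LOG, prints the image hash.
# Returns 0 on a verified copy, 1 on hash mismatch, 2 on I/O errors.
acquire_image() {
    src="$1"; dst="$2"; log="$3"
    [ -r "$src" ] || { echo "source not readable: $src" >&2; return 2; }

    # Hash the evidence before copying so any later change to the copy
    # (or a substituted image) is detectable against this value.
    src_hash=$(hash256 "$src") || return 2

    # bs=512 matches the classic sector size; conv=noerror keeps reading
    # past bad sectors and conv=sync zero-pads them so the image stays
    # offset-aligned with the original. Note: sync also pads a final
    # partial block, so for a regular file that is not a multiple of 512
    # bytes the hashes will legitimately differ; block devices are always
    # whole sectors. dd's own error/record output goes to the log.
    dd if="$src" of="$dst" bs=512 conv=noerror,sync 2>>"$log" || return 2

    img_hash=$(hash256 "$dst") || return 2
    {
        echo "source=$src"
        echo "image=$dst"
        echo "acquired=$(date -u +%Y-%m-%dT%H:%M:%SZ)"
        echo "sha256_source=$src_hash"
        echo "sha256_image=$img_hash"
    } >>"$log"

    if [ "$src_hash" = "$img_hash" ]; then
        echo "$img_hash"
        return 0
    fi
    echo "hash mismatch: image does not match source" >&2
    return 1
}

# verify_image IMAGE LOG
# Re-hashes IMAGE and compares it with the last sha256_image recorded in
# LOG. Returns 0 if they match, 1 if not, 2 if the log has no hash.
verify_image() {
    recorded=$(sed -n 's/^sha256_image=//p' "$2" | tail -n 1)
    [ -n "$recorded" ] || return 2
    [ "$(hash256 "$1")" = "$recorded" ]
}

# demo: acquire and verify a constructed 64-sector pseudo-random "disk".
demo() {
    tmp=$(mktemp -d) || return 2
    dd if=/dev/urandom of="$tmp/disk.raw" bs=512 count=64 2>/dev/null
    acquire_image "$tmp/disk.raw" "$tmp/disk.dd" "$tmp/acquisition.log" >/dev/null \
        && verify_image "$tmp/disk.dd" "$tmp/acquisition.log"
    rc=$?
    rm -rf "$tmp"
    return $rc
}

# Run the demo only when executed directly, not when sourced.
case "$0" in *acquire*|*.sh) demo && echo "acquisition verified";; esac
```

Run it as `sh acquire.sh`, or source it and call `acquire_image /dev/sdX /evidence/sdX.dd /evidence/sdX.log` followed later by `verify_image /evidence/sdX.dd /evidence/sdX.log` on whichever host received the image. The log is the piece that makes Dave's concern tractable: if the hash recorded at the source disagrees with the image you were handed, you have evidence of tampering in transit rather than just a suspicion.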
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------


