Penetration Testing mailing list archives

Re: Light forensics

From: "Alonso Caballero Quezada / ReYDeS" <reydes () gmail com>
Date: Wed, 6 Jan 2010 20:33:38 -0500

Saludos:

On Tue, Jan 5, 2010 at 9:08 AM, Eduardo Sierra <esierr4 () gmail com> wrote:

Hi,

We had a security incident, and i'm doing a "light" forensics.


  Define please "light" forensics.

Is there a log you can check to see IP Address Changes in a Windows XP Box?
Any good free tool to undelete files?


  Hmm, The Windows registry store this information.

  About a good tool. A "Free" in Windows maybe "FTK Imager"

Many thanks,


  No problem.

  atte:

-- 
Alonso Eduardo Caballero Quezada aka ReYDeS - ReYDeS () gmail com
Brainbench Certified Computer Forensics (U.S.) - SSP-CNSA
www.ReYDeS.com - www.PeruSEC.org - www.npros.com.pe - LRU #307242

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------

Current thread:

Light forensics Eduardo Sierra (Jan 06)
- Re: Light forensics Alonso Caballero Quezada / ReYDeS (Jan 11)
- Re: Light forensics Wim Remes (Jan 11)
- Re: Light forensics Tom Ritter (Jan 11)
- Re: Light forensics Adrian Puente Z. (Jan 11)
  - Re: Light forensics H. Kurth Bemis (Jan 11)
- RE: Light forensics Levenglick, Jeff (Jan 11)
  - RE: Light forensics Dave Kleiman (Jan 11)
  - Re: Light forensics Felipe Martins (Jan 18)
    - RE: Light forensics Boyd, Chad (Jan 18)
- Re: Light forensics Adel Abushaev (Jan 11)