Folks, I'd like to create a list of resources to respond to future inquiries on this list. I will maintain this list to keep from adding to the moderator's existing workload. I suggest listing tools and services in the following areas. I've added a few to get us started below my signature block. This might also help in determining a scope for forensics labs and field kits. Many tools have moved through this list and it is a shame we haven't been keeping track of them. There are plenty of web sites, but I think with the expertise we have on this list, we could also provide some feedback on these tools once a list has been compiled. Feedback and participation are welcome.

Thanks,

Matthew Brown, CISSP
Principal Consultant

Sandbox tools (To Trap):
  snort
  trafshow
  ethereal
  tcpdump
  nmap

IDS (To Detect):
(These are the tools that create evidence we end up examining during incidents, after all)
  Cisco Host Based
  VigilEnt Security Agents
  Dragon
  Network Flight Recorder
  snort
  RealSecure
  Netranger
  Netprowler
  BlackIce
  Intruder Alert

Evidence Capturing - Software:
  EnCase (www.GuidanceSoftware.com)
  dd (Comes with *nix)
  netcat (nc)

Evidence Capturing - Hardware:
  ImageMaster Solo2 - Hardware duplicator
  F.R.E.D. and his brothers - Hardware

Evidence Examination:
  Coroner's Toolkit (TCT)
  EnCase
  SATAN
  NTI

Data Recovery:
  OnTrack's Easy Recovery
  Norton Utilities
  NTI

Certifications - Organizations that certify in the areas of Digital Forensics, Incident Response, or Digital Investigations:
  HTCN
  SANS

Training - Organizations that train in the areas of Digital Forensics, Incident Response, or Digital Investigations:
  SANS & SANSfire
  Guidance Software
  NTI

-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
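The post lists dd and netcat under "Evidence Capturing - Software" without showing how they are used together. The script below is an added example, not part of Matthew Brown's message, of the usual dd acquisition with hash verification of the resulting image. The function names (hash_file, verify_image, image_and_verify), the block size, the log and hash file names, and the demo "device" (a constructed 1 MiB file of random bytes standing in for something like /dev/sdb) are all assumptions made for this example; the netcat transfer is shown only in a comment because it needs a second host.

```shell
#!/bin/sh
# Added example (not from the original post): acquire an image with dd and
# verify it by hash. Paths and names here are constructed for a stand-alone
# demo; in the field SRC would be a block device such as /dev/sdb, mounted
# read-only or not at all.

# Hash a file with whichever SHA-256 tool the host provides
# (sha256sum on GNU systems, shasum -a 256 on BSD/macOS).
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Compare source and image hashes and record both next to the image.
# Returns 0 on match, 1 on mismatch (read error, padding, or tampering).
verify_image() {
    src=$1; dst=$2
    src_hash=$(hash_file "$src")
    dst_hash=$(hash_file "$dst")
    printf '%s  %s\n' "$src_hash" "$src" >  "$dst.sha256"
    printf '%s  %s\n' "$dst_hash" "$dst" >> "$dst.sha256"
    [ "$src_hash" = "$dst_hash" ]
}

# Image SRC to DST with dd, keep dd's stderr as a record, then verify.
# bs=512 matches the disk sector size; conv=noerror,sync keeps going past
# read errors and zero-fills the bad sector so the image keeps the source's
# geometry. A source whose length is not a multiple of bs gets padded, which
# the hash check will (correctly) report as a mismatch.
image_and_verify() {
    src=$1; dst=$2
    dd if="$src" of="$dst" bs=512 conv=noerror,sync 2>"$dst.dd.log" || return 1
    verify_image "$src" "$dst"
}

# The same acquisition over the network, pairing dd with nc as the post's
# list does. Not run here (needs two hosts); listener syntax differs between
# netcat variants (traditional: nc -l -p 9000; OpenBSD: nc -l 9000).
#   collection host:  nc -l -p 9000 > evidence.dd
#   suspect host:     dd if=/dev/sdb bs=512 conv=noerror,sync | nc collector 9000
# Hash the image on the collection host afterwards exactly as verify_image does.

# Demo on a constructed pseudo-device: 1 MiB (2048 sectors) of random bytes.
WORK=$(mktemp -d)
dd if=/dev/urandom of="$WORK/device.bin" bs=512 count=2048 2>/dev/null
if image_and_verify "$WORK/device.bin" "$WORK/device.img"; then
    echo "image verified: $(cat "$WORK/device.img.sha256")"
else
    echo "HASH MISMATCH, see $WORK/device.img.dd.log"
fi
rm -rf "$WORK"
```

The two hash lines written to the .sha256 file are what goes into the evidence log; the dd stderr log records the block counts and any read errors, which is the only way to tell a padded bad sector from a tampered image when the hashes disagree.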
This archive was generated by hypermail 2b30 : Sun Mar 17 2002 - 17:56:27 PST