Sounds like a good idea. I've got comments inline.

Matthew.Brownat_private (Matthew.Brownat_private) @ Sun, Mar 17, 2002 at 05:17:17PM -0800:

> Folks
>
> I'd like to create a list of resources to respond to future
> inquiries on this list. I will maintain this list to keep from adding to
> the moderator's existing workload. I suggest listing tools and services
> in the following areas. I've added a few to get us started below my
> signature block.
>
> This might also help in determining a scope for forensics labs and
> field kits. Many tools have moved through this list and it is a shame we
> haven't been keeping track of them. There are plenty of web sites, but I
> think with the expertise we have on this list, we could also provide some
> feedback on these tools once a list has been compiled. Feedback and
> participation is welcome.
>
> Thanks,
> Matthew Brown, CISSP
> Principal Consultant
>
> Sandbox tools (To Trap):
> snort
> trafshow
> ethereal
> tcpdump
> nmap

I wouldn't call these "sandbox". chroot is an example of sandbox. These
would be sniffers, or "capture tools". nmap isn't even that.

> IDS (To Detect): (These are the tools that create evidence we end up
> examining during incidents after all)

<snip>

> Evidence Capturing - Software:

<snip>

> Evidence Capturing - Hardware:

<snip>

> Evidence Examination:
> Coroner's Toolkit (TCT)
> EnCase
> SATAN
> NTI

SATAN is a network scanner. In the same class as nmap, I guess.

> Data Recovery:

<snip>

> Certifications - Organizations that certify in the areas of Digital
> Forensics, Incident Response, or Digital Investigations:

<snip>

> Training - Organizations that train in the areas of Digital Forensics,
> Incident Response, or Digital Investigations:

<snip>

--
Bill Weiss

-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Mar 18 2002 - 10:14:47 PST