Re: Idea: A Comprehensive List

From: Bill Weiss (houdiniat_private)
Date: Sun Mar 17 2002 - 19:50:13 PST


    Sounds like a good idea.  I've got comments inline.
    
    Matthew.Brownat_private(Matthew.Brownat_private)@Sun, Mar 17, 2002 at 05:17:17PM -0800:
    > Folks
    > 
    >         I'd like to create a list of resources to respond to future 
    > inquiries on this list.  I will maintain this list to keep from adding to 
    > the moderator's existing workload.  I suggest listing tools and services 
    > in the following areas. I've added a few to get us started below my 
    > signature block.
    > 
    >         This might also help in determining a scope for forensics labs and 
    > field kits. Many tools have moved through this list and it is a shame we 
    > haven't been keeping track of them. There are plenty of web sites, but I 
    > think with the expertise we have on this list, we could also provide some 
    > feedback on these tools once a list has been compiled.  Feedback and 
    > participation is welcome.
    > 
    > Thanks,
    > Matthew Brown, CISSP
    > Principal Consultant
    > 
    > Sandbox tools (To Trap):
    >         snort
    >         trafshow
    >         ethereal
    >         tcpdump
    >         nmap
    
    I wouldn't call these "sandbox".  chroot is an example of sandbox.
    These would be sniffers, or "capture tools".
    nmap isn't even that.
     
    > IDS (To Detect):  (These are the tools that create evidence we end up 
    > examining during incidents after all)
    <snip>
    > 
    > Evidence Capturing - Software:
    <snip>
    > 
    > Evidence Capturing - Hardware:
    <snip>
    > Evidence Examination:
    >         Coroner's Toolkit (TCT)
    >         EnCase
    >         SATAN
    >         NTI
    
    SATAN is a network scanner.  In the same class as nmap, I guess.
     
    > Data Recovery:
    <snip>
    > Certifications - Organizations that certify in the areas of Digital 
    > Forensics, Incident Response, or Digital Investigations:
    <snip>
    > Training - Organizations that train in the areas of Digital Forensics, 
    > Incident Response, or Digital Investigations:
    <snip>
    
    -- 
    Bill Weiss
    
    
    -----------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Mon Mar 18 2002 - 10:14:47 PST