Matt,

Great idea, thanks for starting it off. As far as additions:

Sandbox tools: LaBrea, Recourse ManTrap
Training: CERT, Foundstone, @Stake

I have a question to the list, regarding the Evidence Capturing -- Hardware category. What are people doing when it comes to building a forensic analysis station? Are they purchasing a solution (i.e. F.R.E.D.) or are they rolling their own? Experiences? I will summarize to the list.

-jim

-----Original Message-----
From: Matthew.Brownat_private [mailto:Matthew.Brownat_private]
Sent: Sunday, March 17, 2002 7:17 PM
To: forensicsat_private
Subject: Idea: A Comprehensive List

Folks

I'd like to create a list of resources to respond to future inquiries on this list. I will maintain this list to keep from adding to the moderator's existing workload. I suggest listing tools and services in the following areas. I've added a few to get us started below my signature block. This might also help in determining a scope for forensics labs and field kits.

Many tools have moved through this list and it is a shame we haven't been keeping track of them. There are plenty of web sites, but I think with the expertise we have on this list, we could also provide some feedback on these tools once a list has been compiled.

Feedback and participation is welcome.

Thanks,

Matthew Brown, CISSP
Principal Consultant

Sandbox tools (To Trap):
snort trafshow ethereal tcpdump nmap

IDS (To Detect):
(These are the tools that create evidence we end up examining during incidents after all)
Cisco Host Based VigilEnt Security Agents Dragon Network Flight Recorder snort RealSecure Netranger Netprowler BlackIce Intruder Alert

Evidence Capturing - Software:
EnCase (www.GuidanceSoftware.com) dd (Comes with *nix) netcat (nc)

Evidence Capturing - Hardware:
ImageMaster Solo2 - Hardware duplicator F.R.E.D. and his brothers - Hardware

Evidence Examination:
Coroner's Toolkit (TCT) EnCase SATAN NTI

Data Recovery:
OnTrack's Easy Recovery Norton Utilities NTI

Certifications - Organizations that certify in the areas of Digital Forensics, Incident Response, or Digital Investigations:
HTCN SANS

Training - Organizations that train in the areas of Digital Forensics, Incident Response, or Digital Investigations:
SANS & SANSfire Guidance Software NTI

-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

-------- End of forwarded message --------
This archive was generated by hypermail 2b30 : Wed Mar 20 2002 - 06:42:43 PST