The beta 1 release (build 1.0.0.1029) of the Forensic Acquisition Utilities is available for download from http://users.erols.com/gmgarner/forensics. Follow this link for further information and download instructions.

What is the Forensic Acquisition Utilities package?

This is a collection of utilities and libraries intended for forensic or forensic-related investigative use in a modern Microsoft Windows environment. The components in this collection are intended to permit the investigator to sterilize media for forensic duplication, discover where logical volume information is located and to collect the evidence from a running system while at the same time guaranteeing data integrity (e.g. with a cryptographic checksum) and while minimizing changes to the subject system.

What's included in the Forensic Acquisition Utilities package?

Included in this release are the following modules:

1. dd.exe: A modified version of the popular GNU dd utility program.
2. md5lib.dll: A modified version of Ulrich Drepper's MD5 checksum implementation in Windows DLL format.
3. md5sum.exe: A modified version of Ulrich Drepper's MD5sum utility.
4. Volume_dump.exe: An original utility to dump volume information.
5. wipe.exe: An original utility to sterilize media prior to forensic duplication.
6. zlibU.dll: A modified version of Jean-loup Gailly and Mark Adler's zlib library based on zlib-1.1.4.
7. nc.exe: A modified version of the netcat utility by Hobbit.
8. getopt.dll: An implementation of the POSIX getopt function in a Windows DLL format.

What does this software require?

This software requires Microsoft Windows 5.0 (Windows 2000) or later. Versions of Microsoft Windows prior to Windows 2000 will not be supported. The software has been tested on Microsoft Windows 2000 Gold, Microsoft Windows 2000 SP1, Microsoft Windows XP Gold and Microsoft .Net Server Beta 3.

Where should I report bugs?

Report bugs to gmgarnerat_private

Regards,
George.
This archive was generated by hypermail 2b30 : Tue Apr 23 2002 - 20:43:27 PDT