RE: Windows forensics with Linux analysis machine

From: Brad Bemis (Brad.Bemisat_private)
Date: Sat Aug 23 2003 - 23:31:59 PDT


    There have been lots of good recommendations; I even saw the standard
    Knoppix distro mentioned.  I would add that the Knoppix-Security Tools
    distribution is actually quite useful for this.  The creator of the distro
    has even been kind enough to post a "how-to" for adding your own library of
    security tools to the Knoppix distro.  Knoppix-STD will mount all of your
    partitions (FAT and NTFS) automatically, and you can do whatever you need
    to them with a number of tools from the CD.  http://www.knoppix-std.org/
    
      
    
    Thank you for your time and attention,
    
    =======================
    Brad Bemis
    Information Security Services
    DHL/Airborne Express
    (206) 830-3478
    =======================
    
    > -----Original Message-----
    > From: JJ [mailto:jjhorner@SAFe-mail.net]
    > Sent: Wednesday, August 20, 2003 12:30 PM
    > To: forensicsat_private
    > Subject: Windows forensics with Linux analysis machine
    > 
    > 
    > All,
    > 
    > I'm looking for good tools that will allow me to do a full 
    > investigation of a Windows image using Linux.  I'm looking at 
    > Autopsy and Sleuthkit now.  Are there any other tools that 
    > will allow me to do the full investigation (view registry 
    > structures, undelete files, etc.) under Linux?
    > 
    > Thanks,
    > JJ
    > 
    > ---------------------
    > J. J. Horner
    > CISSP,CCNA,CHSS,CHP
    > 
    > -----------------------------------------------------------------
    > This list is provided by the SecurityFocus ARIS analyzer service.
    > For more information on this free incident handling, management 
    > and tracking system please see: http://aris.securityfocus.com
    > 
    > 
    > 
    



    This archive was generated by hypermail 2b30 : Mon Aug 25 2003 - 06:10:21 PDT