All,

New Windows Incident Response tool released at www.incident-response.org. Great tool just released that will attempt to collect information on Windows 2000/NT systems like TCT does for UNIX-based OSes. This is just the first release; more will follow. The author, John McLeod, can be reached at his email address mcleodjpat_private.

The Incident Response Collection Report (IRCR) is similar to The Coroner's Toolkit (TCT) by Dan Farmer & Wietse Venema. IRCR is at www.incident-response.org under the tools section. This program is a collection of tools that gathers and/or analyzes forensic data on a Microsoft Windows system. You can think of this as a snapshot of the system in the past. Like TCT, most of the tools are oriented towards data collection rather than analysis. The idea of IRCR is that anyone could run the tool and send the output to a skilled Windows forensic security person for further analysis.

Thanks,
Rob Lee
www.incident-response.org
This archive was generated by hypermail 2b30 : Wed Apr 25 2001 - 08:24:13 PDT