Re: Forensics CD (was: Re: Strange Folder

From: Nick FitzGerald (nick@virus-l.demon.co.uk)
Date: Tue Oct 08 2002 - 02:16:00 PDT

    neilat_private wrote:
    
    > "Meritt James" <meritt_jamesat_private> wrote in response to me:
    > 
    > [ ... Kit of tools on a CD-ROM ... ]
    > 
    > >REAL good suggestion!  Any specific recommendations as to what should be
    > >on the CD?
    > 
    > Thanks!  I think I picked up the idea from someone on this list, as a
    > matter of fact.  I wish I could remember who.
    
    Carv perhaps??
    
    He teaches forensics and other post-mortem courses, and features such 
    a disk that I seem to recall him mentioning here.
    
    Aside from that, it is a fairly obvious idea -- if you have to run
    code in a compromised environment (not necessarily a good idea to do
    extensively if you are doing forensics work) then obviously you must
    not trust anything already on the machine.  (Of course, at some level
    the tools on the CD are "trusting" the various APIs, etc to be
    returning true results and as anyone who has failed to adequately
    handle a box with a rootkit installed will tell you, that is not a
    clever idea...).
    
    
    Regards,
    
    Nick FitzGerald
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Tue Oct 08 2002 - 19:46:41 PDT