It's also handy to have a bootable DOS CD with NTFS for DOS for editing/repairing files in DOS. If you need the free version with W2K support, just mail me and I'll upload my rescue disk with other utils included (14 MB).

> "Meritt James" <meritt_jamesat_private> wrote in response to me:
>
> [ ... Kit of tools on a CD-ROM ... ]
>
> >REAL good suggestion! Any specific recommendations as to what should be
> >on the CD?
>
> Thanks! I think I picked up the idea from someone on this list, as a
> matter of fact. I wish I could remember who.
>
> Here's what I have on mine at the moment:
>
> bintext.exe (http://www.foundstone.com) Reads ASCII, Unicode, and
> resource strings in a binary. The equivalent of 'strings' in Unix.
>
> fport.exe (http://www.foundstone.com) Reports open ports, the PID of
> the process listening on them, and the path to the program.
>
> handle.exe (http://www.sysinternals.com) Reports what files are open
> by what processes.
>
> listdlls.exe (http://www.sysinternals.com) Lists the DLLs that are open,
> the path to the DLL, and the version number.
>
> netstat.exe A copy of netstat from the W2K operating system.
>
> netstat95.exe Another copy of netstat from the W95 operating system.
>
> patchit.exe (http://www.foundstone.com) Binary file byte-patching
> program.
>
> procexp.exe (http://www.sysinternals.com) Shows what files, registry
> keys, and other objects processes have open, along with process
> ownership.
>
> regmon.exe (http://www.sysinternals.com) Monitors registry activity
> in real time.
>
> showin.exe (http://www.foundstone.com) Shows information about hidden
> or disabled windows that exist on the desktop. (I had no idea....)
>
> tcpview.exe (http://www.sysinternals.com) Shows all TCP and UDP
> endpoints. On WinNT and above it shows what process owns the endpoint.
>
> I've borrowed much of the wording in these descriptions from the
> respective websites, but I don't think they'll mind since I'm bragging
> about their stuff. It's all free, by the way, and I'm just a satisfied
> user. ;-)
>
> There's a lot more than this available, but some of it is OS-specific
> and may not be useful to you. Personally, I'd put just about anything
> on my forensics CD that I thought might ever be useful to me. One word
> of advice, though: most of us probably don't do forensics as our day
> job, and some time may pass between making the disk and using it. I
> therefore set up a convenient 'bin' directory with all the executables
> on mine, and put all the raw stuff, readmes, etc., in separate
> directories named for each utility. That way remembering what each one
> is good for and where I got it isn't so difficult.
>
> Best regards,
>
> Neil Dickey, Ph.D.
> Research Associate/Sysop
> Geology Department
> Northern Illinois University
> DeKalb, Illinois 60115
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Oct 08 2002 - 20:06:05 PDT