Hi Guys,

on a workshop for digital forensics I learned about some tools, which comprise "The Coroner's Toolkit".

Anyway, here are my suggestions for a tool CD:

Linux/Unix (All self-compiled and trusted):

/bin:
last,lastcomm,who,w,ps,netstat,lsof,arp,nc,netcat,dd,des,cryptcat,md5sum,cat,find,strings,lsmod,rpcinfo,grep,less,vi,perl,ifconfig,kill,tcpdump,diff,du,mv,showmount,top,uname,uptime,fdisk,gzip

/TCT-Tools:
grave-robber,pcat,ils,icat,unrm,lazarus,mactime

/TCT-Utils:
fls,istat,bcat,blockcalc,autopsy

Windows:
psloggedon,psfile,pslist,fport,dumpevt,ntlast, (IRCR Incident Response Collection Report)

Regards,
Olli

BTW: This is the most cool topic in months.....

--
***********************************************
Oliver Biermann - MIT Security
Mobilcom Corporate IT - Büdelsdorf
Tel: +49 4331 4472124 - Fax: -2200
***********************************************
Fingerprint: FC19 7F6D 4405 EF4F AE25 96CD 8DAB B7D6 F3B6 9F01

"Chet Uber" <chet.uberat_private>
08.10.02 07:32
Please reply to "Chet Uber"

To: "Meritt James" <meritt_jamesat_private>, "Neil Dickey" <neilat_private>
Cc: <incidentsat_private>, <rootman22at_private>
Subject: Re: Forensics CD (was: Re: Strange Folder

> REAL good suggestion! Any specific recommendations as to what should be
> on the CD?
>
> Jim
>
> Neil Dickey wrote:
>
> > It's a good idea to have a kit of such tools on a read-only
> > CD in advance of an incident like this, so that you have
> > tools you know you can trust -- that haven't been trojanned
> > -- ready to use. It's rather like the instructions in a
> > snake-bite kit. You want to be familiar with them *before*
> > Mr. Snake has his way with you.

I think you would be very impressed with the SpareMe! Super CD found at http://www.securityposture.com, which is based on the WG distribution from Fred Cohen and Associates at http://www.all.net. It is specifically designed for these tasks and is a mature distribution which includes wireless support.

We have a version with the ForensiX toolkit and training CD as well.

Regards,

Chet Uber

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Oct 09 2002 - 15:27:31 PDT