From: mike at megaglobal.net (Michael)
Subject: Break-in discovery and forensics tools

>>> pauls@...allas.edu wrote a 1.1KB message. i replied ................................
> I've been tasked with putting together a CD of tools that can be used
> for analysis of hacked machines.  These would be both tools that can
> determine if a program is trojaned or a file has been altered as well as
> tools that could be used to save forensics data for possible
> prosecution.

Check out FIRE (which used to be called biatchux)..
Maybe that will save you some time..
http://fire.dmzs.com/

-M.


> 
> Other than Dan and Wietse's TCT, what tools do you think should be
> included?
> 
> I envision this CD as having several directories, each one being for a
> particular platform (Windows, RedHat, Solaris, HP-UX, etc.).  In those
> directories would be versions of TCT compiled for that platform and
> utilities such as ls, ps, file, ifconfig, strings, etc.  Possibly also a
> file with MD5 checksums for OS files that are commonly altered.
> 
> If you were starting from a blank slate, what would you think are the
> must have tools for this CD?  How would you set it up?
> 
> Paul Schmehl (pauls@...allas.edu)
> Adjunct Information Security Officer
> The University of Texas at Dallas
> AVIEN Founding Member
> http://www.utdallas.edu/~pauls/

-- 

--
 Michael Jastremski  | Network Engineer
 Megaglobal Networks | Megaglobal.net
 Open Photo Project  | Openphoto.net
 West Philadelphia   | Westphila.net

