Message-ID: <20030422120116.A18112@Megaglobal.net>
From: mike at megaglobal.net (Michael)
Subject: Break-in discovery and forensics tools
>>> pauls@...allas.edu wrote a 1.1KB message. I replied ................................
> I've been tasked with putting together a CD of tools that can be used
> for analysis of hacked machines. These would be both tools that can
> determine if a program is trojaned or a file has been altered as well as
> tools that could be used to save forensics data for possible
> prosecution.
Check out FIRE (which used to be called biatchux)..
Maybe that will save you some time..
http://fire.dmzs.com/
-M.
>
> Other than Dan and Wietse's TCT, what tools do you think should be
> included?
>
> I envision this CD as having several directories, each one being for a
> particular platform (Windows, RedHat, Solaris, HP-UX, etc.). In those
> directories would be versions of TCT compiled for that platform and
> utilities such as ls, ps, file, ifconfig, strings, etc. Possibly also a
> file with MD5 checksums for OS files that are commonly altered.
>
> If you were starting from a blank slate, what would you think are the
> must have tools for this CD? How would you set it up?
>
> Paul Schmehl (pauls@...allas.edu)
> Adjunct Information Security Officer
> The University of Texas at Dallas
> AVIEN Founding Member
> http://www.utdallas.edu/~pauls/
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
--
Michael Jastremski | Network Engineer
Megaglobal Networks | Megaglobal.net
Open Photo Project | Openphoto.net
West Philadelphia | Westphila.net
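The quoted post sketches the core of such a CD: trusted copies of ls, ps, etc. plus a file of MD5 checksums for OS files that are commonly altered. The script below is an added example (not from the thread, FIRE or TCT) of that checksum piece: build a baseline of hashes from a known-good host, then verify a suspect host against it and report ALTERED and MISSING files. It assumes `md5sum` (GNU coreutils) or BSD `md5` is available; the file list, paths and the `baseline_*` function names are constructed for illustration. The point a responder should not skip is in the comments: when verifying a compromised box, the hashing tool, `cut`, and the shell itself must come from the CD (set PATH to the CD's statically linked binaries first), otherwise a trojaned `md5sum` can lie about a trojaned `ps`.

```shell
#!/bin/sh
# Added example (constructed): hash-baseline creation and verification for a
# forensics toolkit CD. Run it with PATH pointing at the CD's trusted,
# statically linked binaries, e.g.  PATH=/mnt/cdrom/bin  (assumed mount point),
# so that sh, md5sum and cut are not the suspect host's own copies.

# hash_file PATH -> prints the MD5 hex digest of PATH.
# Assumption: GNU md5sum is present; falls back to BSD md5.
hash_file() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | cut -d' ' -f1
    else
        md5 -q "$1"
    fi
}

# baseline_create ROOT LISTFILE OUTFILE
# LISTFILE holds one path per line, relative to ROOT (e.g. "bin/ps").
# Writes "digest  relative-path" lines to OUTFILE, skipping paths that
# are not regular files on this (known-good) host.
baseline_create() {
    root=$1; list=$2; out=$3
    : > "$out"
    while IFS= read -r rel; do
        [ -n "$rel" ] || continue
        if [ -f "$root/$rel" ]; then
            printf '%s  %s\n' "$(hash_file "$root/$rel")" "$rel" >> "$out"
        fi
    done < "$list"
}

# baseline_verify ROOT BASELINE
# Re-hashes every file named in BASELINE under ROOT (use "/" on the suspect
# host, or the mount point of an image). Prints one finding per line:
#   ALTERED  path   digest differs from the baseline
#   MISSING  path   file is gone (or no longer a regular file)
# Returns 0 when everything matches, 1 when there is at least one finding.
baseline_verify() {
    root=$1; base=$2; rc=0
    while read -r sum rel; do
        [ -n "$rel" ] || continue
        if [ ! -f "$root/$rel" ]; then
            printf 'MISSING  %s\n' "$rel"; rc=1
        elif [ "$(hash_file "$root/$rel")" != "$sum" ]; then
            printf 'ALTERED  %s\n' "$rel"; rc=1
        fi
    done < "$base"
    return $rc
}

# Usage (on the known-good build host, then on the suspect host):
#   baseline_create /  /mnt/cdrom/lists/redhat-common.txt  /mnt/cdrom/baselines/redhat.md5
#   baseline_verify /  /mnt/cdrom/baselines/redhat.md5
# (paths are illustrative assumptions, not from the thread)
```

A baseline is only as trustworthy as the host it was generated on, so generate it from freshly installed media or vendor packages, keep one file per platform and patch level (a legitimate update also changes digests), and write the baseline to the read-only CD rather than to the machine under investigation. The same script works unchanged with `sha256sum` in `hash_file` if a stronger digest is wanted.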