Message-ID: <0304220847530.139081864@somehost.domainz.com>
From: devon at lithiumnode.com (Timmah)
Subject: Break-in discovery and forensics tools
I carry around a case with http://fire.dmzs.com and floppies with BIOS
cracking tools and boot disks for replacing admin/root passwords on every
OS. A copy of EnCase on a forensics station doesn't hurt either
http://www.guidancesoftware.com/products/software/encaseforensic/index.shtm
... are you wanting open source tools only? If so, the above-mentioned
Fire is a project to watch closely.
[t]
On Tue, 22 Apr 2003, Schmehl, Paul L wrote:
> I've been tasked with putting together a CD of tools that can be used
> for analysis of hacked machines. These would be both tools that can
> determine if a program is trojaned or a file has been altered as well as
> tools that could be used to save forensics data for possible
> prosecution.
>
> Other than Dan and Wietse's TCT, what tools do you think should be
> included?
>
> I envision this CD as having several directories, each one being for a
> particular platform (Windows, RedHat, Solaris, HP-UX, etc.). In those
> directories would be versions of TCT compiled for that platform and
> utilities such as ls, ps, file, ifconfig, strings, etc. Possibly also a
> file with MD5 checksums for OS files that are commonly altered.
>
> If you were starting from a blank slate, what would you think are the
> must-have tools for this CD? How would you set it up?
>
> Paul Schmehl (pauls@...allas.edu)
> Adjunct Information Security Officer
> The University of Texas at Dallas
> AVIEN Founding Member
> http://www.utdallas.edu/~pauls/
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
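An added example, not part of either post: a minimal check of files against the kind of MD5 checksum list the quoted message proposes for the CD. The md5sum-style manifest format, the function names and the sample files are assumptions constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

LINE = re.compile(r"([0-9a-fA-F]{32}) [ *](.+)")  # md5sum output: digest, mode flag, path

def md5_of(path, chunk=65536):
    """Hash in chunks so large binaries need not fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def parse_manifest(text):
    """Return {path: digest} from md5sum-style text; reject malformed lines."""
    entries = {}
    for line in filter(str.strip, text.splitlines()):
        m = LINE.fullmatch(line)
        if m is None:
            raise ValueError("malformed manifest line: %r" % line)
        entries[m.group(2)] = m.group(1).lower()
    return entries

def verify(manifest_text, root):
    """Check files under root (e.g. the suspect disk mounted read-only) against the manifest."""
    report = {}
    for name, expected in parse_manifest(manifest_text).items():
        path = Path(root, name.lstrip("/"))
        if not path.is_file():
            report[name] = "MISSING"
        else:
            report[name] = "OK" if md5_of(path) == expected else "ALTERED"
    return report

def demo(names=("ls", "ps", "netstat")):
    """Constructed sample: baseline three stand-in files, then alter one and delete one."""
    with tempfile.TemporaryDirectory() as root:
        bindir = Path(root, "bin")
        bindir.mkdir()
        for n in names:
            (bindir / n).write_bytes(b"original " + n.encode())
        manifest = "".join("%s  /bin/%s\n" % (md5_of(bindir / n), n) for n in names)
        (bindir / "ps").write_bytes(b"original ps, modified after baseline")
        (bindir / "netstat").unlink()
        return verify(manifest, root)

if __name__ == "__main__":
    print(demo())
```

The manifest has to be generated from a known-good install of the same OS release and kept on the read-only CD, so the baseline cannot be changed from the machine being examined.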