Message-ID: <1051082124.991.11.camel@ariel.home.volker.de>
From: fulldisclosure at secspace.de (Volker Kindermann)
Subject: Break-in discovery and forensics tools
Hi Paul,
> I've been tasked with putting together a CD of tools that can be used
> for analysis of hacked machines. These would be both tools that can
> determine if a program is trojaned or a file has been altered as well as
> tools that could be used to save forensics data for possible
> prosecution.
>
> Other than Dan and Wietse's TCT, what tools do you think should be
> included?
Besides the already mentioned fire and snarl (which I personally like
more than fire) there are many tools around.
Perhaps you could take a look at the list archive of
forensics@...urityfocus.com and incidents@...urityfocus.com. There were
discussions about tools.
Concerning Windows Tools there was a multipart story at
securityfocus.com: "no stone unturned". Search for it and you will find
many hints to tools, mainly from atstake.com and foundstone.com.
atstake.com has autopsy and task which both (autopsy is a frontend to
task) are included in snarl and (perhaps) in fire.
hth
-volker