Open Source and information security mailing list archives
 
Message-ID: <1051082124.991.11.camel@ariel.home.volker.de>
From: fulldisclosure at secspace.de (Volker Kindermann)
Subject: Break-in discovery and forensics tools

Hi Paul,


> I've been tasked with putting together a CD of tools that can be used
> for analysis of hacked machines.  These would be both tools that can
> determine if a program is trojaned or a file has been altered as well as
> tools that could be used to save forensics data for possible
> prosecution.
> 
> Other than Dan and Wietse's TCT, what tools do you think should be
> included?

Besides the already mentioned fire and snarl (which I personally like
more than fire), there are many tools around.

Perhaps you could take a look at the list archive of
forensics@...urityfocus.com and incidents@...urityfocus.com. There were
discussions about tools.

Concerning Windows Tools there was a multipart story at
securityfocus.com: "no stone unturned". Search for it and you will find
many hints to tools, mainly from atstake.com and foundstone.com.

atstake.com has autopsy and task which both (autopsy is a frontend to
task) are included in snarl and (perhaps) in fire.

hth

 -volker

