forensic evidence collection tools?

Bair, Andy pabair at mitre.org
Thu Feb 23 15:18:00 EST 2006


Paul,
 
I work on and contribute to the ftimes project 
which does very well to collect all file system
information.  It can also search for a unique
pattern (pcre) across a file system, which I've
used to identify trojan files. It can be found
here:
 
  http://ftimes.sourceforge.net/FTimes/index.shtml
 
If you're trying to do incident response, I would 
recommend webjob.  I presented it at the gnhlug
last week ... not sure if you were there, but
webjob was designed to perform incident response
on a large number of systems.  I've used it quite
effectively to harvest information from a bunch of
windows machines.  WebJob has many advantages
including aggregating the data at a central
server.  It can be found here:
 
  http://webjob.sourceforge.net/WebJob/index.shtml
 
If you're looking for a quick list of forensic 
tools, this is a good spot:
 
  http://www.opensourceforensics.org/
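
The two ftimes capabilities Andy describes above, a per-file attribute and hash snapshot of a file system and a regex search across file contents to spot trojaned files, reduced to a self-contained Python illustration. This is an added example, not ftimes code and not how ftimes itself is invoked; the function names, the temporary file tree and the BACKDOOR_MARKER_CONSTRUCTED string are constructed for the demonstration.

```python
"""Added example: minimal file-system snapshot/diff plus a content 'dig'.
Not ftimes code; it only illustrates the two techniques the post names."""
import hashlib
import os
import re
import shutil
import stat
import tempfile
from dataclasses import dataclass


@dataclass(frozen=True)
class FileRecord:
    """What a baseline records for one regular file."""
    path: str      # relative to the snapshot root, '/' separated
    size: int
    mode: int      # permission bits only
    mtime: int
    sha256: str


def _rel(full, root):
    return os.path.relpath(full, root).replace(os.sep, "/")


def _hash_file(path, chunk=1 << 16):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def _regular_files(root):
    """Yield regular files under root in a deterministic order.
    Symlinks are not followed, so a planted link cannot redirect the walk."""
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        dirnames.sort()
        filenames.sort()
        for name in filenames:
            full = os.path.join(dirpath, name)
            if stat.S_ISREG(os.lstat(full).st_mode):
                yield full


def snapshot(root):
    """Return {relative_path: FileRecord} for every regular file under root."""
    records = {}
    for full in _regular_files(root):
        st = os.lstat(full)
        rel = _rel(full, root)
        records[rel] = FileRecord(rel, st.st_size, stat.S_IMODE(st.st_mode),
                                  int(st.st_mtime), _hash_file(full))
    return records


def compare(baseline, current):
    """Return (added, removed, changed) paths. 'changed' means any recorded
    attribute or the content hash differs from the baseline."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = sorted(p for p in set(baseline) & set(current)
                     if baseline[p] != current[p])
    return added, removed, changed


def dig(root, pattern):
    """Search file contents under root for a byte regex (binary-safe).
    Returns [(relative_path, byte_offset)] for every match."""
    rx = re.compile(pattern)
    hits = []
    for full in _regular_files(root):
        with open(full, "rb") as f:
            data = f.read()
        for m in rx.finditer(data):
            hits.append((_rel(full, root), m.start()))
    return hits


def demo():
    """Constructed scenario: baseline a tiny 'bin' tree, then trojan one
    binary, drop a hidden file and delete another, and see what the
    snapshot diff and the content dig report."""
    root = tempfile.mkdtemp()
    try:
        os.makedirs(os.path.join(root, "bin"))
        with open(os.path.join(root, "bin", "ls"), "wb") as f:
            f.write(b"ELF-ish original ls\n")
        with open(os.path.join(root, "bin", "ps"), "wb") as f:
            f.write(b"ELF-ish original ps\n")
        base = snapshot(root)
        # Simulated intrusion (constructed): replaced binary, dropper, deletion.
        with open(os.path.join(root, "bin", "ls"), "wb") as f:
            f.write(b"ELF-ish ls BACKDOOR_MARKER_CONSTRUCTED\n")
        with open(os.path.join(root, "bin", ".hidden"), "wb") as f:
            f.write(b"dropper\n")
        os.remove(os.path.join(root, "bin", "ps"))
        added, removed, changed = compare(base, snapshot(root))
        hits = dig(root, rb"BACKDOOR_MARKER_\w+")
        return added, removed, changed, hits
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    print(demo())
```

The snapshot is taken with `lstat` and without following symlinks, and the comparison treats any attribute or hash difference as a change; the dig is a plain byte-regex over file contents, which is the same idea as ftimes' pcre search but makes no claim about ftimes' options or output format.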
 


More information about the gnhlug-discuss mailing list