forensic evidence collection tools?

Bair,Paul A. PABAIR at mitre.org
Fri Feb 24 08:05:01 EST 2006


Paul,

I work on and contribute to the ftimes project which does very well to
collect all file system information.  It can also search for a unique
pattern (pcre) across a file system, which I've used to identify trojan
files. It can be found here:

http://ftimes.sourceforge.net/FTimes/index.shtml

If you're trying to do incident response, I would recommend webjob.  I
presented it at the gnhlug last week ... not sure if you were there,
but webjob was designed to perform incident response on a large number
of systems.  I've used it quite effectively to harvest information from
a bunch of windows machines.  WebJob has many advantages including
aggregating the data at a central server.  It can be found here:

http://webjob.sourceforge.net/WebJob/index.shtml


If you're looking for a quick list of forensic tools, this is a good
spot:

http://www.opensourceforensics.org/

From time to time I guest-teach an undergrad computer forensics course.
I'd be glad to talk more about forensics if you would like.

Andy

On Thu, 2006-02-23 at 14:30 -0500, Paul Lussier wrote:
> Hi all,
> 
> I'm trying to debug a problem on a set of systems.  Is there something
> I run, say from a usb key or a Knoppix CD which will collect "all
> interesting information" and deposit it somewhere else? 
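The reply above describes the two things ftimes does for a defender: map a file system (metadata plus hashes) so a later run can be compared against the baseline, and dig for a regular-expression pattern across file contents to locate suspect files. The script below is an added example that reproduces that workflow in plain Python; it is not ftimes code and does not use the ftimes command line. The sample tree, the "trojan" marker string and the changes made to the tree are all constructed inside a temporary directory so it runs offline.

```python
"""Baseline-and-compare file system collection, in the spirit of ftimes.

Added example (not ftimes code): snapshot a tree's metadata and hashes,
diff a later snapshot against the baseline, and "dig" for a regex across
file contents. The sample tree below is constructed in a temp directory.
"""
import hashlib
import os
import re
import tempfile
from dataclasses import dataclass


@dataclass(frozen=True)
class FileRecord:
    size: int
    mode: int
    mtime_ns: int
    sha256: str


def _sha256(path, chunk=65536):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def snapshot(root):
    """Map every regular file under root to its metadata and hash (the 'map' step)."""
    records = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # only hash regular files; skip symlinks and specials
            st = os.lstat(full)
            rel = os.path.relpath(full, root)
            records[rel] = FileRecord(st.st_size, st.st_mode, st.st_mtime_ns, _sha256(full))
    return records


def compare(baseline, current):
    """Report what appeared, disappeared, or changed between two snapshots."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = sorted(p for p in set(baseline) & set(current) if baseline[p] != current[p])
    return {"added": added, "removed": removed, "changed": changed}


def dig(root, pattern):
    """Search file contents for a bytes regex (the 'dig' step); yield (relpath, offset, match)."""
    rx = re.compile(pattern)
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            with open(full, "rb") as fh:
                data = fh.read()
            for m in rx.finditer(data):
                hits.append((os.path.relpath(full, root), m.start(), m.group(0)))
    return sorted(hits)


def demo():
    """Build a constructed sample tree, baseline it, alter it, and report the findings."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        with open(os.path.join(root, "bin", "ls"), "wb") as fh:
            fh.write(b"#!/bin/sh\necho original\n")
        with open(os.path.join(root, "notes.txt"), "wb") as fh:
            fh.write(b"nothing to see\n")
        baseline = snapshot(root)

        # Constructed changes: one file replaced, one dropped in, one removed.
        with open(os.path.join(root, "bin", "ls"), "wb") as fh:
            fh.write(b"#!/bin/sh\necho MARKER-TROJAN-SAMPLE\n")
        with open(os.path.join(root, "bin", "extra"), "wb") as fh:
            fh.write(b"MARKER-TROJAN-SAMPLE again\n")
        os.remove(os.path.join(root, "notes.txt"))

        diff = compare(baseline, snapshot(root))
        hits = dig(root, rb"MARKER-TROJAN-[A-Z]+")  # constructed marker pattern
        return diff, [(path, offset) for path, offset, _ in hits]


if __name__ == "__main__":
    d, h = demo()
    print("added:", d["added"], "removed:", d["removed"], "changed:", d["changed"])
    print("dig hits (path, byte offset):", h)
```

The baseline snapshot is the part worth keeping off-box: taken from a known-good system and compared against a later run, it turns "which files changed?" into a list, and the dig pass then confirms which of those carry the pattern you are hunting. Real collections should hash from a read-only mount or a live CD, as the original question suggests, so the act of collecting does not itself alter mtimes on the evidence.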
