[Full-Disclosure] Forensics CD
From: Schmehl, Paul L (email@example.com)
From: "Schmehl, Paul L" <firstname.lastname@example.org>
To: <email@example.com>
Date: Wed, 23 Apr 2003 10:49:45 -0500

Thanks to everyone that's emailed me privately as well as those who have
responded to the list. I should have been more clear about what I was
looking for. :-)

I've downloaded and created a boot CD using FIRE. That's a really nice
compilation of useful programs. However, I also have to create a CD
that can be used without having to reboot. In some cases we may not
want to take a machine offline until we're certain that it's
compromised. Thus the need for a CD of utilities that can be used to do

I found a place on the web that had statically compiled programs for
Linux 2.2 and 2.4 and Solaris 2.7. I'm probably going to end up
compiling static copies for other OSes as well. The following is a list
of utilities that I think would be useful.

I invite comments, additions, subtractions from this list. Is there
anything missing? Keep in mind, this is for a preliminary inspection
(including md5 checksum work) without taking a machine offline for an
in-depth forensic analysis. I'll also include chkrootkit and tct as
well, just for completeness.

To answer one question - at this point I don't know if this will be made
publicly available. It *may* be, but there's a lot of work to be done
before I get to that point.

strace (ktrace, etc.)

Paul Schmehl (firstname.lastname@example.org)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
Full-Disclosure - We believe in it.