NT/2K Forensics Server Project

From: H C (keydet89@yahoo.com)
Date: 10/19/01


Message-ID: <20011019130703.39440.qmail@web20507.mail.yahoo.com>
Date: Fri, 19 Oct 2001 06:07:03 -0700 (PDT)
From: H C <keydet89@yahoo.com>
Subject: NT/2K Forensics Server Project
To: forensics@securityfocus.com, focus-ms@securityfocus.com

To all,

Based on experience handling a variety of incidents,
and after finding some patterns in several articles
regarding incident response and 'live' forensics
investigations on NT/2K, I've come up with an idea for
a Forensics Server Project:

http://patriot.net/~carvdawg/fsproj.html

The purpose of the FSP is to provide an automated
means of collecting, hashing and documenting volatile
information from NT/2K systems, as part of a 'live'
forensics investigation. Volatile information is lost
when the system is shut down, in order for a bit-image
copy of the drive(s) to be made.

The FSP can also be used in cases in which a 'live'
forensics investigation is all that is required; i.e.,
no LE involvement. This may be due to cost
considerations, or requirements that mission-critical
production systems not be taken down.

The web site is an attempt to explain the FSP.
Comments and discussion are welcome.

Carv

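The message describes the FSP only at the level of its purpose: a client on the live NT/2K host collects volatile data, and a server receives it, hashes it and documents what arrived. The following is an added example written for this post, not Carv's FSP code or any code from the linked page. It assumes a length-prefixed framing over TCP, SHA-256 as the hash (the choice of algorithm is mine), a JSON-lines log named collection.log, and constructed stand-ins for tool output (the real netstat/pslist commands are not run). It also shows the two checks a practitioner wants from such a server: the item name is reduced to a basename so a hostile client cannot steer writes outside the case directory, and verify_case() recomputes every logged hash so later modification of the evidence files is detected.

```python
import hashlib
import json
import os
import socket
import struct
import tempfile
import threading
from datetime import datetime, timezone

# Constructed sample output standing in for what the client would gather
# from volatile-data tools on the live host; nothing here runs real commands.
SAMPLE_ITEMS = {
    "netstat-an.txt": b"Proto  Local Address  Foreign Address  State\n"
                      b"TCP    0.0.0.0:135    0.0.0.0:0        LISTENING\n",
    "pslist.txt": b"Name    Pid  Pri  Thd  Hnd\nSystem  8    8    37   229\n",
}


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed before message complete")
        buf += chunk
    return buf


def send_item(sock, name, data):
    """Client side: one frame = name length, name, data length, data (assumed format)."""
    name_b = name.encode()
    sock.sendall(struct.pack("!I", len(name_b)) + name_b
                 + struct.pack("!I", len(data)) + data)


def recv_item(sock):
    name_len = struct.unpack("!I", _recv_exact(sock, 4))[0]
    name = _recv_exact(sock, name_len).decode()
    data_len = struct.unpack("!I", _recv_exact(sock, 4))[0]
    return name, _recv_exact(sock, data_len)


def store_item(case_dir, client_id, name, data):
    """Server side: write the item, hash it, append a log record.
    basename() stops a client-supplied name from escaping case_dir."""
    safe_name = os.path.basename(name) or "unnamed"
    digest = hashlib.sha256(data).hexdigest()
    with open(os.path.join(case_dir, safe_name), "wb") as f:
        f.write(data)
    record = {"time": datetime.now(timezone.utc).isoformat(), "client": client_id,
              "item": safe_name, "size": len(data), "sha256": digest}
    with open(os.path.join(case_dir, "collection.log"), "a", encoding="utf-8") as log:
        log.write(json.dumps(record) + "\n")
    return record


def verify_case(case_dir):
    """Recompute each logged hash; returns {item: True if unchanged else False}."""
    results = {}
    with open(os.path.join(case_dir, "collection.log"), encoding="utf-8") as log:
        for line in log:
            rec = json.loads(line)
            try:
                with open(os.path.join(case_dir, rec["item"]), "rb") as f:
                    results[rec["item"]] = hashlib.sha256(f.read()).hexdigest() == rec["sha256"]
            except FileNotFoundError:
                results[rec["item"]] = False
    return results


def _serve_one_client(listener, case_dir, records):
    conn, addr = listener.accept()
    with conn:
        client_id = "%s:%d" % addr
        while True:
            name, data = recv_item(conn)
            if name == "":            # empty name marks end of session
                break
            records.append(store_item(case_dir, client_id, name, data))


def run_collection(items, case_dir=None):
    """Run server and client on localhost in one process; returns (case_dir, records)."""
    case_dir = case_dir or tempfile.mkdtemp(prefix="fsp_case_")
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    records = []
    t = threading.Thread(target=_serve_one_client, args=(listener, case_dir, records))
    t.start()
    with socket.create_connection(listener.getsockname()) as client:
        for name, data in items.items():
            send_item(client, name, data)
        send_item(client, "", b"")
    t.join()
    listener.close()
    return case_dir, records


def tamper(case_dir, item, extra=b"x"):
    """Demo helper: append bytes to a stored item so verify_case() can flag it."""
    with open(os.path.join(case_dir, item), "ab") as f:
        f.write(extra)


if __name__ == "__main__":
    case, recs = run_collection(SAMPLE_ITEMS)
    for rec in recs:
        print(rec)
    print("before tamper:", verify_case(case))
    tamper(case, "pslist.txt")
    print("after tamper: ", verify_case(case))
```

Run it as a script and the log records, a clean verification and a failed verification for pslist.txt are printed. In a real deployment the server would sit on a separate analyst workstation and the client on the suspect host, but the hashing-at-receipt and later re-verification are what give the collected volatile data its evidentiary weight.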