RE: diagnose compromise on NT

From: Hornat, Charles (Charles_Hornat@standardandpoors.com)
Date: 07/22/02


From: "Hornat, Charles" <Charles_Hornat@standardandpoors.com>
To: incidents@securityfocus.com
Date: Mon, 22 Jul 2002 11:53:56 -0400

The Coroner's Toolkit. It's free and effective. I also recommend the Autopsy Browser by @stake for a GUI front end to it. The downloads can be found at:

http://www.porcupine.org/forensics/tct.html

and the browser can be found at:
http://www.atstake.com/research/tools/autopsy/

And the TASK kit from @stake that provides some additional tools:
http://www.atstake.com/research/tools/task/

Good Luck!

Charles

-----Original Message-----
From: Ingersoll, Jared [mailto:jared@cswv.com]
Sent: Monday, July 22, 2002 7:50 AM
To: incidents@securityfocus.com
Subject: diagnose compromise on NT

Does anyone know of any good tools that can be used on an NT 4.0 box to
(help) diagnose a system compromise? I've been playing around with inzider
with limited results.

Thanks,

Jared

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
