Re: Forensics CD (was: Re: Strange Folder

From: robjeh@wanadoo.nl
Date: 10/08/02


Date: Tue,  8 Oct 2002 14:06:38 +0200
From: robjeh@wanadoo.nl
To: Neil Dickey <neil@geol.niu.edu>

It's also handy to have a bootable DOS CD with NTFS for DOS for
editing/repairing files in DOS. If you need the free version with W2K support,
just mail me and I'll upload my rescue disk with other utils included (14 MB).

>
> "Meritt James" <meritt_james@bah.com> wrote in response to me:
>
> [ ... Kit of tools on a CD-ROM ... ]
>
> >REAL good suggestion! Any specific recommendations as to what should be
> >on the CD?
>
> Thanks! I think I picked up the idea from someone on this list, as a
> matter of fact. I wish I could remember who.
>
> Here's what I have on mine at the moment:
>
> bintext.exe (http://www.foundstone.com) Reads ASCII, Unicode, and
> resource strings in a binary. The equivalent of 'strings'
> in Unix.
>
> fport.exe (http://www.foundstone.com) Reports open ports, PID of
> the process listening on them, and the path to the
> program.
>
> handle.exe (http://www.sysinternals.com) Reports what files are open
> by what processes.
>
> listdlls.exe (http://www.sysinternals.com) Lists the DLLs that are open,
> the path to the DLL, and the version number.
>
> netstat.exe A copy of netstat from the W2K operating system.
>
> netstat95.exe Another copy of netstat from the W95 operating system.
>
> patchit.exe (http://www.foundstone.com) Binary file byte-patching
> program.
>
> procexp.exe (http://www.sysinternals.com) Shows what files, registry
> keys, and other objects processes have open, along with
> process ownership.
>
> regmon.exe (http://www.sysinternals.com) Monitors registry activity
> in real time.
>
> showin.exe (http://www.foundstone.com) Shows information about hidden
> or disabled windows that exist on the desktop. (I had
> no idea....)
>
> tcpview.exe (http://www.sysinternals.com) Shows all TCP and UDP
> endpoints. On WinNT and above it shows what process owns the
> endpoint.
>
> I've borrowed much of the wording in these descriptions from the respective
> websites, but I don't think they'll mind since I'm bragging about their
> stuff. It's all free, by the way, and I'm just a satisfied user. ;-)
>
> There's a lot more than this available, but some of it is OS-specific and
> may not be useful to you. Personally, I'd put just about anything on my
> forensics CD that I thought might ever be useful to me. One word of
> advice, though: Most of us probably don't do forensics as our day job,
> and some time may pass between making the disk and using it. I therefore
> set up a convenient 'bin' directory with all the executables on mine, and
> put all the raw stuff, readmes, etc., in separate directories named for
> each utility. That way remembering what each one is good for and where I
> got it isn't so difficult.
>
> Best regards,
>
> Neil Dickey, Ph.D.
> Research Associate/Sysop
> Geology Department
> Northern Illinois University
> DeKalb, Illinois
> 60115
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com

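The bintext entry above describes a Windows 'strings' equivalent that pulls both ASCII and Unicode text out of a binary. The following is an added example, not code from the list or from Foundstone, showing the core of how such a tool works: it scans a constructed byte buffer (assumed here, not a real file) for runs of printable ASCII and for UTF-16LE runs (the Unicode form used by Windows executables), reporting each with its file offset the way bintext does. Resource-string parsing is not covered.

```python
import re
from typing import List, Tuple

# Constructed sample "binary" for demonstration: PE-like header bytes, an ASCII
# banner, a UTF-16LE path, a too-short run, and an ASCII request string.
SAMPLE_BIN = (
    b"\x00\x01\x02MZ\x90\x00"
    + b"This program cannot be run in DOS mode.\r\n"
    + b"\x00\xff\xfe"
    + "C:\\WINNT\\system32\\cmd.exe".encode("utf-16-le")
    + b"\x00\x00ab\x00"                  # 2 chars: below the minimum length
    + b"GET / HTTP/1.0\x00"
)

MIN_LEN = 5  # minimum run length to report, like the 'strings -n' default-ish


def ascii_strings(data: bytes, min_len: int = MIN_LEN) -> List[Tuple[int, str]]:
    """Return (offset, text) for every run of >= min_len printable ASCII bytes."""
    pat = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [(m.start(), m.group().decode("ascii")) for m in pat.finditer(data)]


def unicode_strings(data: bytes, min_len: int = MIN_LEN) -> List[Tuple[int, str]]:
    """Return (offset, text) for runs of >= min_len UTF-16LE chars in the
    printable ASCII range, i.e. each printable byte followed by 0x00."""
    pat = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    return [(m.start(), m.group().decode("utf-16-le")) for m in pat.finditer(data)]


def all_strings(data: bytes, min_len: int = MIN_LEN) -> List[Tuple[int, str, str]]:
    """Merge both scans into (offset, kind, text), ordered by file offset.
    kind is 'A' for ASCII and 'U' for Unicode, mirroring bintext's listing."""
    found = [(off, "A", s) for off, s in ascii_strings(data, min_len)]
    found += [(off, "U", s) for off, s in unicode_strings(data, min_len)]
    return sorted(found)


if __name__ == "__main__":
    # Prints something like:  0x0007 A This program cannot be run in DOS mode.
    for off, kind, text in all_strings(SAMPLE_BIN):
        print(f"0x{off:04x} {kind} {text}")
```

To use it on a real file, replace SAMPLE_BIN with the result of `open(path, "rb").read()`; on a UTF-16 string the reported offset is that of its first byte, not its first character.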
