Re: Forensics CD (was: Re: Strange Folder

From: robjeh@wanadoo.nl
Date: 10/08/02


Date: Tue,  8 Oct 2002 14:06:38 +0200
From: robjeh@wanadoo.nl
To: Neil Dickey <neil@geol.niu.edu>

It's also handy to have a bootable DOS CD with NTFS for DOS for
editing/repairing files in DOS. If you need the free version with W2K support,
just mail me and I'll upload my rescue disk with other utils included (14 MB).

>
> "Meritt James" <meritt_james@bah.com> wrote in response to me:
>
> [ ... Kit of tools on a CD-ROM ... ]
>
> >REAL good suggestion! Any specific recommendations as to what should be
> >on the CD?
>
> Thanks! I think I picked up the idea from someone on this list, as a
> matter of fact. I wish I could remember who.
>
> Here's what I have on mine at the moment:
>
> bintext.exe (http://www.foundstone.com) Reads ASCII, unicode, and
> resource strings in a binary. The equivalent of 'strings'
> in unix.
>
> fport.exe (http://www.foundstone.com) Reports open ports, PID of
> the process listening on them, and the path to the
> program.
>
> handle.exe (http://www.sysinternals.com) Reports what files are open
> by what processes.
>
> listdlls.exe (http://www.sysinternals.com) List the DLLs that are open,
> the path to the DLL, and the version number.
>
> netstat.exe A copy of netstat from the W2K operating system.
>
> netstat95.exe Another copy of netstat from the W95 operating system.
>
> patchit.exe (http://www.foundstone.com) Binary file byte-patching
> program.
>
> procexp.exe (http://www.sysinternals.com) Shows what files, registry
> keys, and other objects processes have open, along with
> process ownership.
>
> regmon.exe (http://www.sysinternals.com) Monitors registry activity
> in real time.
>
> showin.exe (http://www.foundstone.com) Shows information about hidden
> or disabled windows that exist on the desktop. ( I had
> no idea .... )
>
> tcpview.exe (http://www.sysinternals.com) Shows all TCP and UDP
> endpoints. On WinNT and above it shows what process owns the
> endpoint.
>
> I've borrowed much of the wording in these descriptions from the respective
> websites, but I don't think they'll mind since I'm bragging about their
> stuff. It's all free, by the way, and I'm just a satisfied user. ;-)
>
> There's a lot more than this available, but some of it is OS-specific and
> may not be useful to you. Personally, I'd put just about anything on my
> forensics CD that I thought might ever be useful to me. One word of advice,
> though: Most of us probably don't do forensics as our day job, and some
> time may pass between making the disk and using it. I therefore set up
> a convenient 'bin' directory with all the executables on mine, and put all
> the raw stuff, readmes, etc., in separate directories named for each utility.
> That way remembering what each one is good for and where I got it isn't so
> difficult.
>
> Best regards,
>
> Neil Dickey, Ph.D.
> Research Associate/Sysop
> Geology Department
> Northern Illinois University
> DeKalb, Illinois
> 60115
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com
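The layout Neil describes (a flat bin/ directory for the executables, one directory per utility for its readme and raw files) is easy to get wrong by hand months later, and nothing in the thread says how you would know the CD is still the one you burned. The script below is an added example, not code from either poster or from Foundstone/Sysinternals: it assembles that layout from a staging directory, writes an INDEX.txt so you remember what each tool does and where it came from, and adds a SHA-256 MANIFEST.json so the kit can be verified before use. The staging layout (staging/<tool>/<tool>.exe plus readme) and the placeholder file contents are assumptions; the tool list is the one from the post.

```python
"""Assemble a forensics tool CD: bin/ with every executable, one directory per
utility holding its raw files, INDEX.txt, and a SHA-256 manifest.
Added example, not the original poster's code. Staging layout is assumed to be
staging/<tool>/<tool>.exe; the sample files below are constructed placeholders."""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

# Tools named in the post: executable -> (origin, one-line purpose).
TOOLS = {
    "bintext.exe":   ("http://www.foundstone.com",   "ASCII/Unicode/resource strings in a binary"),
    "fport.exe":     ("http://www.foundstone.com",   "open ports, listening PID and program path"),
    "handle.exe":    ("http://www.sysinternals.com", "files open by each process"),
    "listdlls.exe":  ("http://www.sysinternals.com", "loaded DLLs with path and version"),
    "netstat.exe":   ("W2K system copy",             "known-good netstat for W2K"),
    "netstat95.exe": ("W95 system copy",             "known-good netstat for W95"),
    "patchit.exe":   ("http://www.foundstone.com",   "binary byte patcher"),
    "procexp.exe":   ("http://www.sysinternals.com", "handles, registry keys, process ownership"),
    "regmon.exe":    ("http://www.sysinternals.com", "live registry activity monitor"),
    "showin.exe":    ("http://www.foundstone.com",   "hidden or disabled desktop windows"),
    "tcpview.exe":   ("http://www.sysinternals.com", "TCP/UDP endpoints and owning process"),
}


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_layout(staging: Path, cd_root: Path) -> dict:
    """Copy each tool into bin/, mirror its staging directory under <tool>/,
    write INDEX.txt and MANIFEST.json. Returns {relative path: sha256}."""
    bin_dir = cd_root / "bin"
    bin_dir.mkdir(parents=True, exist_ok=True)
    index_lines = []
    for exe, (origin, purpose) in sorted(TOOLS.items()):
        tool = exe[:-4]                       # strip ".exe"
        src_dir = staging / tool
        if not (src_dir / exe).is_file():
            raise FileNotFoundError(f"{exe} missing from {src_dir}")
        shutil.copy2(src_dir / exe, bin_dir / exe)
        shutil.copytree(src_dir, cd_root / tool, dirs_exist_ok=True)
        index_lines.append(f"{exe:14} {purpose}  [{origin}]  raw files: {tool}/")
    (cd_root / "INDEX.txt").write_text("\n".join(index_lines) + "\n")
    # Hash everything (INDEX.txt included) before the manifest itself exists.
    manifest = {p.relative_to(cd_root).as_posix(): sha256_file(p)
                for p in sorted(cd_root.rglob("*")) if p.is_file()}
    (cd_root / "MANIFEST.json").write_text(json.dumps(manifest, indent=1))
    return manifest


def verify_layout(cd_root: Path) -> list:
    """Re-hash the CD against MANIFEST.json. Returns the sorted list of paths
    that are missing, changed, or present but unlisted; [] means intact."""
    manifest = json.loads((cd_root / "MANIFEST.json").read_text())
    bad = [rel for rel, digest in manifest.items()
           if not (cd_root / rel).is_file() or sha256_file(cd_root / rel) != digest]
    for p in cd_root.rglob("*"):
        rel = p.relative_to(cd_root).as_posix()
        if p.is_file() and p.name != "MANIFEST.json" and rel not in manifest:
            bad.append(rel)                   # unlisted file: not part of the kit
    return sorted(bad)


def make_sample_staging(staging: Path) -> None:
    """Constructed placeholders standing in for the real downloads."""
    for exe, (origin, purpose) in TOOLS.items():
        d = staging / exe[:-4]
        d.mkdir(parents=True, exist_ok=True)
        (d / exe).write_bytes(b"MZ" + exe.encode())   # fake PE stub, not a real tool
        (d / "readme.txt").write_text(f"{exe}: {purpose}\nSource: {origin}\n")


def run_demo() -> dict:
    """Build the kit in a temp dir, verify it, then tamper and re-verify."""
    work = Path(tempfile.mkdtemp())
    make_sample_staging(work / "staging")
    manifest = build_layout(work / "staging", work / "cd")
    intact = verify_layout(work / "cd")
    (work / "cd" / "bin" / "fport.exe").write_bytes(b"MZtampered")
    (work / "cd" / "extra.exe").write_bytes(b"x")
    return {"hashed": len(manifest), "intact": intact,
            "after_tamper": verify_layout(work / "cd"), "cd_root": str(work / "cd")}


if __name__ == "__main__":
    print(run_demo())
```

Burn the CD read-only and keep a copy of MANIFEST.json off the disc: the manifest proves the kit you are holding is the one you built, but it says nothing about the host you run it on. A rootkit in the kernel or in the DLLs the tools load can still feed fport, handle or tcpview false answers, which is exactly why a bootable DOS or live CD, as suggested above, belongs in the same kit.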