FTimes 3.2.1 Release (Includes Dig, HashDig, and Map Tools)
From: Klayton Monroe (klm@ir.exodus.net)
Date: 03/27/03
- Previous message: Dan Hanson: "SecurityFocus Article Announcement: Incident Response Tools For Unix, Part One: System Tools"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 27 Mar 2003 17:13:38 +0000 From: Klayton Monroe <klm@ir.exodus.net> To: incidents@securityfocus.com
Background:
FTimes is a system baselining and evidence collection tool. The
primary purpose of FTimes is to gather and/or develop information
about specified directories and files in a manner conducive to
intrusion analysis.
FTimes is a lightweight tool in the sense that it doesn't need
to be "installed" on a given system to work on that system, it
is small enough to fit on a single floppy, and it provides only
a command line interface.
Preserving records of all activity that occurs during a snapshot
is important for intrusion analysis and evidence admissibility.
For this reason, FTimes was designed to log four types of
information: configuration settings, progress indicators, metrics,
and errors. Output produced by FTimes is delimited text, and
therefore, is easily assimilated by a wide variety of existing
tools.
http://ftimes.sourceforge.net/FTimes/
HashDig technology is a collection of utilities designed to help
practitioners automate the process of resolving MD5 hashes. In
the early stages of an investigation, it is not typically possible
or practical to examine all subject files. Therefore, practitioners
need reliable methods that can quickly reduce the number of files
requiring examination. One such method is to group files into two
general categories: known and unknown. This method can be implemented
quite effectively by manipulating hashes and comparing them to
one or more reference databases. Even that, however, can take a
significant amount of effort. HashDig technology attempts to
reduce this burden through automation and the use of lightweight,
open, and verifiable techniques.
http://ftimes.sourceforge.net/FTimes/HashDig.shtml
Announcement:
Version 3.2.1 is an update release of FTimes. Generally, code was
cleaned up and refined as necessary. The configure/build process
has been updated, and several new configure options were added.
The major event for this release was the addition of a number of
new Dig, HashDig, and Map utilities. These tools were designed
to support various workbench activities such as extracting DigString
context, resolving MD5 hashes, and constructing MAC/MACH timelines.
The primary focus of the work effort was to refine these utilities
to the point where they could be released in beta form.
http://sourceforge.net/forum/forum.php?forum_id=264191
Download:
http://sourceforge.net/project/showfiles.php?group_id=41134
Enjoy,
k
-- Klayton Monroe klm@ir.exodus.net Exodus Security Research and Development Fingerprint = 6D3B 1DBC F426 36E4 7C9A FA93 9A5D D62D 4D86 DBFC ---------------------------------------------------------------------------- Powerful Anti-Spam Management and More... SurfControl E-mail Filter puts the brakes on spam, viruses and malicious code. Safeguard your business critical communications. Download a free 30-day trial: http://www.surfcontrol.com/go/zsfihl1
- Previous message: Dan Hanson: "SecurityFocus Article Announcement: Incident Response Tools For Unix, Part One: System Tools"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
