FTimes 3.3.0 Release

From: Klayton Monroe (klm_at_uidzero.org)
Date: 08/16/03

    Date: Sat, 16 Aug 2003 15:57:58 +0000
    To: incidents@securityfocus.com
    
    

    Background:

      FTimes is a system baselining and evidence collection tool. The
      primary purpose of FTimes is to gather and/or develop information
      about specified directories and files in a manner conducive to
      intrusion analysis.

      FTimes is a lightweight tool in the sense that it doesn't need
      to be "installed" on a given system to work on that system, it
      is small enough to fit on a single floppy, and it provides only
      a command line interface.

      Preserving records of all activity that occurs during a snapshot
      is important for intrusion analysis and evidence admissibility.
      For this reason, FTimes was designed to log four types of
      information: configuration settings, progress indicators, metrics,
      and errors. Output produced by FTimes is delimited text, and
      therefore, is easily assimilated by a wide variety of existing
      tools.

      http://ftimes.sourceforge.net/FTimes/

      HashDig technology is a collection of utilities designed to help
      practitioners automate the process of resolving MD5 hashes. In
      the early stages of an investigation, it is not typically possible
      or practical to examine all subject files. Therefore, practitioners
      need reliable methods that can quickly reduce the number of files
      requiring examination. One such method is to group files into two
      general categories: known and unknown. This method can be implemented
      quite effectively by manipulating hashes and comparing them to
      one or more reference databases. Even that, however, can take a
      significant amount of effort. HashDig technology attempts to
      reduce this burden through automation and the use of lightweight,
      open, and verifiable techniques.

      http://ftimes.sourceforge.net/FTimes/HashDig.shtml

    Announcement:

      Version 3.3.0 is a minor release of FTimes. Generally, code was
      cleaned up and refined as necessary. This release includes two
      new modes: diglean and maplean. These modes were added to fill
      the gap between the auto and full modes. Additionally, all MD5
      code has been replaced, and a new control, HashSymbolicLinks, has
      been added. The MAC/MACH timeline script, ftimes-map2mac.pl, now
      includes support for an external sorting method, and hipdig.pl
      has been given the ability to dig for Track[12] credit card data.
      Finally, configure/build support for the ia64 platform was added.

      http://sourceforge.net/forum/forum.php?forum_id=302122

    Download:

      http://sourceforge.net/project/showfiles.php?group_id=41134

    Cookbook:

      http://ftimes.sourceforge.net/FTimes/Cookbook.shtml

    Enjoy,
    k

    -- 
    Klayton Monroe
    klm@uidzero.org
    Fingerprint = 6D3B 1DBC F426 36E4 7C9A  FA93 9A5D D62D 4D86 DBFC
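The known/unknown partitioning that the HashDig paragraph above describes can be illustrated with a small script. The following is an added example written for this page; it is not FTimes or HashDig code and does not reproduce their file formats. It assumes a reference set of "known" MD5 hashes (here a constructed two-entry set, standing in for a real reference database), walks a directory without following symbolic links, hashes every regular file, splits the results into known and unknown, and renders the result as pipe-delimited text so it can be fed to other tools, in the spirit of the delimited output the announcement mentions. The function names (`md5_file`, `hash_tree`, `classify`, `to_delimited`, `demo`) are the example's own.

```python
import hashlib
import os
import tempfile

# Constructed reference set of "known" MD5 hashes (hypothetical; stands in
# for a HashDig-style reference database). The values are md5(b"") and
# md5(b"abc"), which makes the demo below reproducible.
KNOWN_MD5 = {
    "d41d8cd98f00b204e9800998ecf8427e",  # md5("")
    "900150983cd24fb0d6963f7d28e17f72",  # md5("abc")
}


def md5_file(path, chunk_size=65536):
    """Return the lowercase hex MD5 of a file, read in fixed-size chunks so
    large evidence files do not have to fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def hash_tree(root):
    """Walk root and yield (relative path, md5) for every regular file.
    Symbolic links are skipped rather than followed, the conservative
    default for a collector that must not wander outside the subject tree."""
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        dirnames.sort()  # deterministic order makes runs comparable
        for name in sorted(filenames):
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            yield os.path.relpath(full, root), md5_file(full)


def classify(entries, known):
    """Partition (path, md5) pairs into (known, unknown) lists by looking
    each digest up in the reference set."""
    known_files, unknown_files = [], []
    for path, digest in entries:
        target = known_files if digest in known else unknown_files
        target.append((path, digest))
    return known_files, unknown_files


def to_delimited(entries, category):
    """Render entries as pipe-delimited lines: name|md5|category."""
    return ["%s|%s|%s" % (path, digest, category) for path, digest in entries]


def demo():
    """Build a constructed directory tree (two files whose hashes are in
    KNOWN_MD5 and one that is not) and return the (known, unknown) split."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        with open(os.path.join(root, "bin", "empty"), "wb") as f:
            f.write(b"")
        with open(os.path.join(root, "bin", "abc.txt"), "wb") as f:
            f.write(b"abc")
        with open(os.path.join(root, "unknown.bin"), "wb") as f:
            f.write(b"not in the reference set")
        return classify(hash_tree(root), KNOWN_MD5)


if __name__ == "__main__":
    known_files, unknown_files = demo()
    for line in to_delimited(known_files, "known") + to_delimited(unknown_files, "unknown"):
        print(line)
```

Run as a script it prints three lines, two tagged `known` and one tagged `unknown`; the unknown list is the set an analyst would look at first. In practice the reference set would be loaded from a file rather than hard-coded, and the same hash function used to build the reference set must be used on the subject files or nothing will match.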
