Re: Light forensics



Eduardo,

If the box hasn't been rebooted since, you might compare last known
good profile versus current, it will show the difference, but not the
list of changes. You will only see if it has changed and remains
different. Otherwise everything you would find would be in the event
viewer. There is no separate log for IP address changes.

Adel.

On Tue, Jan 5, 2010 at 6:08 AM, Eduardo Sierra <esierr4@xxxxxxxxx> wrote:
Hi,

We had a security incident, and i'm doing a "light" forensics.

Is there a log you can check to see IP Address Changes in a Windows XP Box?
Any good free tool to undelete files?

Many thanks,

Eduardo Sierra

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------



------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------