Re: digital forensic software



On 2010-02-22, at 8:46 PM, ben.dexter@xxxxxxxxxx wrote:

Forensic tools are a fantastic resource when pen-testing. If you can get your hands on physical hardware (laptop, desktop) then in the majority of circumstances you can pull out passwords, web history, email data... all the usual stuff you'd expect to find in a forensic investigation, but with the capability to then use that data in a pen-testing capacity. Some of the commercial tools also allow network imaging, so if you've grabbed some credentials you can take a complete dd image of a workstation/server physical disk or attached device (USB, etc.) over the network...

* FTK Imager (Free) Easy imaging in Win environment, will do DFS shares
* Helix 3 Pro (Pay) Images most things Win/Linux
* Encase/FTK/X-Ways (Pay) Imaging/Analysis. All have advantages and disadvantages. FTK is easy to use (if you can get it working), needs high-end hardware; Encase is very flexible, is the de facto industry standard (particularly with LE), but not so user-friendly; X-Ways is the most cost-effective and has a decent feature set.

Ben.

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------


Don't forget about Backtrack 4 as a tool for forensics...

-----------------------------------------------------------------
Adam Mooz
Adam.Mooz@xxxxxxxxx
http://www.AdamMooz.com