Forensics article & Windows Net.exe replacements
From: Kevin Guidry (thekevbo1@yahoo.com)
Date: 09/10/02
- Previous message: Pavel Lozhkin: "Re: CODE RED VIRUS ATTACK ON SEPT 2002"
- In reply to: Gene Yoo: "Re: monitoring file changes"
- Next in thread: H C: "re: Forensics article & Windows Net.exe replacements"
- Next in thread: Stefan Böttcher: "re: monitoring file changes"
- Reply: H C: "re: Forensics article & Windows Net.exe replacements"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 10 Sep 2002 09:31:55 -0700 (PDT) From: Kevin Guidry <thekevbo1@yahoo.com> To: security-basics@securityfocus.com
At the end of his (really, really cool) article
"Win2K First Responder's Guide," H. Carvey has a link
to another paper that deals with Windows forensics.
Written by an Air Force Special Agent, it describes a
tool that they have developed for use by their first
responders when they sit down to look at a Windows
machine that is suspected of being cracked.
The tool is simply a large batch file that runs
various information gathering commands and appends the
results to a text file on a floppy disk. The net.exe
command is used quite a bit. However, by using this
command, or any other executable on the
potentially-compromised computer, you run the risk of
using a program that has already been altered.
My question is this: are there any cross-platform
(Windows 9x, Me, 2000, & XP in this case) replacements
for net.exe that can easily be placed on a single
floppy disk? Is there a way (I have tried and not
succeeded) to copy a version of net.exe onto a floppy
disk and have it run on all of these platforms?
By the way, the two articles mentioned are "Win2K
First Responder's Guide" located at
http://online.securityfocus.com/infocus/1624 and
"Preservation of Fragile Digital Evidence by First
Responders" which can be found at
http://www.dfrws.org/dfrws2002/papers/Papers/Jesse_Kornblum.pdf.
Kevin
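As an added illustration of the collection approach the mail describes (a batch file on a floppy that runs information-gathering commands and appends the output to a text file on the same floppy), the sketch below is not the Air Force tool and not the author's code. It assumes cmd.exe on Windows 2000/XP, a kit directory A:\kit holding known-good copies of cmd.exe, net.exe, netstat.exe and ipconfig.exe taken from a clean install of the same Windows version, and the file names collect.bat and evidence.txt; all of those are assumptions.

```batch
@echo off
rem collect.bat - minimal first-responder collection script (added example).
rem Start it from the trusted shell on the floppy, not from the host's cmd.exe:
rem     A:\kit\cmd.exe /c A:\collect.bat
rem Caveat: even a known-good net.exe still loads system DLLs from the
rem suspect machine (and a net.exe built for one Windows version need not
rem run on another), so this reduces, but does not remove, trust in the host.
set KIT=A:\kit
set LOG=A:\evidence.txt

rem Point PATH only at the kit so no bare command name resolves to a host binary.
set PATH=%KIT%

echo ==== Collection started ==== >> %LOG%
date /t >> %LOG%
time /t >> %LOG%
echo Host: %COMPUTERNAME%  User: %USERNAME% >> %LOG%

rem Every external tool is invoked by its full path on the floppy; 2>&1 keeps
rem error text (for example "access denied") in the evidence file as well.
echo ==== ipconfig /all ==== >> %LOG%
%KIT%\ipconfig.exe /all >> %LOG% 2>&1

echo ==== netstat -an ==== >> %LOG%
%KIT%\netstat.exe -an >> %LOG% 2>&1

echo ==== net start (running services) ==== >> %LOG%
%KIT%\net.exe start >> %LOG% 2>&1

echo ==== net share / net session / net use ==== >> %LOG%
%KIT%\net.exe share >> %LOG% 2>&1
%KIT%\net.exe session >> %LOG% 2>&1
%KIT%\net.exe use >> %LOG% 2>&1

echo ==== net user / net localgroup administrators ==== >> %LOG%
%KIT%\net.exe user >> %LOG% 2>&1
%KIT%\net.exe localgroup administrators >> %LOG% 2>&1

echo ==== Collection finished ==== >> %LOG%
time /t >> %LOG%
```

Write-protect the floppy's tools and hash evidence.txt on a separate clean machine afterwards; the script deliberately writes nothing to the suspect host's disk.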