Re: forensics tools - preserving data?

From: GuidoZ (uberguidoz_at_gmail.com)
Date: 10/05/04

    Date: Tue, 5 Oct 2004 00:03:51 -0700
    To: Dana Rawson <absolutezero273c@nzoomail.com>
    
    

    There are a myriad of forensic tools out there free for the taking.
    Being I'm not fully versed in them all, I'll just toss up some links
    and let you decide which might work the best. =)

    PHLAK (Pro Hackers Linux Assault Kit)
     - http://www.phlak.org/

    Penguin Sleuth
     - http://www.linux-forensics.com/

    Knoppix-std (Security Tools Distribution)
     - http://www.knoppix-std.org/

    L.A.S. (Local Area Security)
     - http://www.localareasecurity.com/

    NST (Network Security Toolkit)
     - http://www.networksecuritytoolkit.org/

    Those are my favs. I saved the best link for last however. Some quick
    "CTRL+F" searching on this page should prove to be quite useful...

    List of Live CDs (Linux, all types)
     - http://www.frozentech.com/content/livecd.php

    Best of luck in your quest. I've had quite a bit of luck with both
    Penguin Sleuth and PHLAK when it comes to data forensics. There was
    another one that I wish I could remember... it was posted to this
    list. It's bookmarked on a different system unfortunately.

    Finally, hopefully Harlan Carvey will pipe up and share his expertise.
    See http://www.windows-ir.com/ for more info.

    --
    Peace. ~G
    On 4 Oct 2004 17:44:06 -0000, Dana Rawson <absolutezero273c@nzoomail.com> wrote:
    > 
    > 
    > G'Day All,
    > 
    > Before I begin, I wanted to thank everyone who had provided me with direction on my last post regarding pgp.
    > 
    > Hopefully I have as simple a question as before.
    > 
    > I have a client who recently had to terminate an employee and part of their decision was based on dereliction of duty.  Basically too much time spent surfing the internet and not performing her expected duties.
    > 
    > They have asked me to gather the internet history, temporary internet directory files, etc.
    > 
    > I can pull up the files, archive them and explain the information to them.  But how do I go about extracting the information (i.e. the internet address of the many files that lie in the temp internet dir) so I am able to present it in an acceptable fashion that they might use it in a court of law as evidence should it come to that?
    > 
    > I have been looking but can't seem to find what I think I need.  I have located tools on http://www.networkintrusion.co.uk/fortools.htm and see that NetAnalysis might prove useful but appears to be overkill.  Or is this exactly what I need?
    > 
    > Thanks in advance, again.
    >
    
