Security Basics mailing list archives

re: tools used to examine a computer
From: H C <keydet89 () yahoo com>
Date: Mon, 17 Feb 2003 05:17:49 -0800 (PST)


I was able to copy some files over the network before I took the computer into custody. What tools are out there that can really be helpful in monitoring/forensics?

It really depends on what you want to do.  As far as
forensics goes, there have been some good
recommendations from EnCase and commercial tools to
freeware such as TCT, Autopsy, and TASK.  

If the system you're working with is Windows
(NT/2K/XP), there are plenty of things you can do. 
You can collect a great deal of volatile information
from the system (processes, ports, process-to-port
mappings, etc) with a wide variety of freeware tools. 
Grabbing that information and analyzing it can tell
you what, if anything, is wrong with the system. 
Pslist, handle, and listdlls from SysInternals, fport
from Foundstone and the native netstat can be used,
and then procdmp.pl from http://patriot.net/~carvdawg
can be used to consolidate the process information out
into an HTML file (example output file
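As an added example (not procdmp.pl, and not code from any of the tools named above), the script below does the consolidation step the reply describes: it parses pslist-style and fport-style output, joins them on PID, and writes one HTML table. The two sample outputs are constructed, and their column layouts are an assumption that only approximates what the real tools print; a port owned by a PID missing from the process list is flagged, since that mismatch is what an analyst would want to see first.

```python
import html
import re

# Constructed pslist-style output (layout is an assumption, not the real tool's).
PSLIST_OUTPUT = """\
Name                Pid Pri Thd  Hnd   Priv        CPU Time    Elapsed Time
Idle                  0   0   1    0      0     0:15:22.031     0:00:00.000
System                8   8  32  189      0     0:00:03.124     0:16:01.500
svchost             392   8   9  244   1428     0:00:00.210     0:15:58.100
inetinfo            620   8  12  301   3760     0:00:00.540     0:15:50.300
"""

# Constructed fport-style output (layout is an assumption, not the real tool's).
FPORT_OUTPUT = """\
Pid   Process            Port  Proto Path
392   svchost        ->  135   TCP   C:\\WINNT\\system32\\svchost.exe
620   inetinfo       ->  80    TCP   C:\\WINNT\\system32\\inetsrv\\inetinfo.exe
1044  listener       ->  4444  TCP   C:\\temp\\listener.exe
"""

def parse_pslist(text):
    """Return {pid: process name}; the header line has no numeric PID, so it is skipped."""
    procs = {}
    for line in text.splitlines():
        m = re.match(r"^(\S+)\s+(\d+)\s+\d+\s+\d+", line)
        if m:
            procs[int(m.group(2))] = m.group(1)
    return procs

def parse_fport(text):
    """Return [(pid, process, port, proto, path)] from the process-to-port listing."""
    rows = []
    for line in text.splitlines():
        m = re.match(r"^(\d+)\s+(\S+)\s+->\s+(\d+)\s+(TCP|UDP)\s+(.*)$", line)
        if m:
            pid, proc, port, proto, path = m.groups()
            rows.append((int(pid), proc, int(port), proto, path.strip()))
    return rows

def correlate(procs, ports):
    """Join each port row to the process list; flag PIDs pslist never reported."""
    return [{"pid": pid, "process": proc, "port": port, "proto": proto, "path": path,
             "note": "" if pid in procs else "PID not in process list"}
            for pid, proc, port, proto, path in ports]

def to_html(report):
    """Render the joined rows as a single HTML table, escaping every cell."""
    cols = ["pid", "process", "port", "proto", "path", "note"]
    out = ["<table border='1'>", "<tr>" + "".join(f"<th>{c}</th>" for c in cols) + "</tr>"]
    for r in report:
        out.append("<tr>" + "".join(f"<td>{html.escape(str(r[c]))}</td>" for c in cols) + "</tr>")
    out.append("</table>")
    return "\n".join(out)

if __name__ == "__main__":
    print(to_html(correlate(parse_pslist(PSLIST_OUTPUT), parse_fport(FPORT_OUTPUT))))
```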


Do you Yahoo!?
Yahoo! Shopping - Send Flowers for Valentine's Day
