re: tools used to examine a computer
From: H C <keydet89 () yahoo com>
Date: Mon, 17 Feb 2003 05:17:49 -0800 (PST)
> I was able to copy some files over the network
> took the computer into custody. What tools are out
> there that can really be helpful in monitoring/forensics?
It really depends on what you want to do. As far as
forensics goes, there have been some good
recommendations, from EnCase and commercial tools to
freeware such as TCT, Autopsy, and TASK.
If the system you're working with is Windows
(NT/2K/XP), there are plenty of things you can do.
You can collect a great deal of volatile information
from the system (processes, ports, process-to-port
mappings, etc) with a wide variety of freeware tools.
Grabbing that information and analyzing it can tell
you what, if anything, is wrong with the system.
Pslist, handle, and listdlls from SysInternals, fport
from Foundstone and the native netstat can be used,
and then procdmp.pl from http://patriot.net/~carvdawg
can be used to consolidate the process information
into an HTML file (example output file
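The consolidation step the reply describes, as an added example that is not part of the original message and is not procdmp.pl: a small Python script that joins a pslist-style process list with `netstat -ano` output by PID and renders the process-to-port mapping as an HTML table. The pslist and netstat text below is constructed by hand to look like those tools' output; PID 2020 is included deliberately to show the check a practitioner wants, a socket owned by a PID that the process list does not contain (the process exited between the two snapshots, or something is hiding it).

```python
"""Correlate a process list with a netstat -ano listing into one
process-to-port report.  Added example, not procdmp.pl from the post;
the sample pslist and netstat text below is constructed by hand."""
import html
import re

# Constructed sample in the shape SysInternals pslist prints.
PSLIST_OUTPUT = """\
pslist v1.26 - Sysinternals PsList

Name                Pid Pri Thd  Hnd   Priv        CPU Time    Elapsed Time
Idle                  0   0   1    0      0     0:02:17.155     0:00:00.000
System                4   8  52  426      0     0:00:05.406     0:00:00.000
svchost             980   8  78 1300   4476     0:00:01.234     0:12:34.567
nc                 1456   8   2   45   1024     0:00:00.010     0:00:12.340
"""

# Constructed sample in the shape of Windows XP `netstat -ano`.
# PID 2020 has a listener but no pslist entry on purpose (see suspicious_pids).
NETSTAT_OUTPUT = """\

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       980
  TCP    0.0.0.0:4444           0.0.0.0:0              LISTENING       1456
  TCP    192.168.1.5:4444       10.0.0.7:51233         ESTABLISHED     1456
  UDP    0.0.0.0:445            *:*                                    4
  TCP    0.0.0.0:31337          0.0.0.0:0              LISTENING       2020
"""

# name, pid, then four more integer columns (Pri Thd Hnd Priv) before the times
PSLIST_ROW = re.compile(r"^(\S+)\s+(\d+)\s+\d+\s+\d+\s+\d+\s+\d+\s+")
MISSING = "<not in pslist>"


def parse_pslist(text):
    """Return {pid: name}; banner and header lines do not match the row pattern."""
    procs = {}
    for line in text.splitlines():
        m = PSLIST_ROW.match(line)
        if m:
            procs[int(m.group(2))] = m.group(1)
    return procs


def parse_netstat(text):
    """Return (proto, local_port, foreign, state, pid) tuples.
    UDP rows carry no State column, so the PID is always the last field."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue
        proto, local, foreign = f[0], f[1], f[2]
        state = f[3] if proto == "TCP" else ""
        pid = int(f[-1])
        port = int(local.rsplit(":", 1)[1])
        rows.append((proto, port, foreign, state, pid))
    return rows


def process_port_map(pslist_text, netstat_text):
    """Join the two listings by PID: {pid: {"name": ..., "sockets": [...]}}."""
    procs = parse_pslist(pslist_text)
    report = {}
    for proto, port, foreign, state, pid in parse_netstat(netstat_text):
        entry = report.setdefault(pid, {"name": procs.get(pid, MISSING), "sockets": []})
        entry["sockets"].append({"proto": proto, "port": port,
                                 "foreign": foreign, "state": state})
    return report


def suspicious_pids(report):
    """PIDs that own sockets but are absent from the process list."""
    return sorted(pid for pid, e in report.items() if e["name"] == MISSING)


def to_html(report):
    """Render the mapping as a plain HTML table; every cell is escaped."""
    out = ["<table><tr><th>PID</th><th>Process</th><th>Proto</th>"
           "<th>Port</th><th>Foreign</th><th>State</th></tr>"]
    for pid in sorted(report):
        e = report[pid]
        for s in e["sockets"]:
            cells = (pid, e["name"], s["proto"], s["port"], s["foreign"], s["state"])
            out.append("<tr>" + "".join(f"<td>{html.escape(str(v))}</td>" for v in cells) + "</tr>")
    out.append("</table>")
    return "\n".join(out)


if __name__ == "__main__":
    rep = process_port_map(PSLIST_OUTPUT, NETSTAT_OUTPUT)
    print(to_html(rep))
    print("PIDs with sockets but no pslist entry:", suspicious_pids(rep))
```

On a live system the two listings are taken seconds apart, so a PID present in one and not the other is not automatically malicious; it is a lead to re-run both collectors and compare again. Run the collectors from known-good binaries on removable media, not from the suspect host's own copies.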