Home page logo
/

basics logo Security Basics mailing list archives

re: tools used to examine a computer
From: H C <keydet89 () yahoo com>
Date: Mon, 17 Feb 2003 05:17:49 -0800 (PST)

Joshua,

I was able to copy some files over the network
before I 
took the computer into custody. What tools are out
there 
that can really be helpful in monitoring/forensics.

It really depends on what you want to do.  As far as
forensics goes, there have been some good
recommendations from EnCase and commercial tools to
freeware such as TCT, Autopsy, and TASK.  

If the system you're working with is Windows
(NT/2K/XP), there are plenty of things you can do. 
You can collect a great deal of volatile information
from the system (processes, ports, process-to-port
mappings, etc) with a wide variety of freeware tools. 
Grabbing that information and analyzing it can tell
you what, if anything, is wrong with the system. 
Pslist, handle, and listdlls from SysInternals, fport
from Foundstone and the native netstat can be used,
and then procdmp.pl from http://patriot.net/~carvdawg
can be used to consolidate the process information out
into an HTML file (example output file
http://patriot.net/~carvdawg/pd.html).

HTH

__________________________________________________
Do you Yahoo!?
Yahoo! Shopping - Send Flowers for Valentine's Day
http://shopping.yahoo.com


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault