netinfo 2008-10-10

Post on 14-Feb-2016


Computer Forensics. NETinfo 2008-10-10. PowerPoint presentation.


Computer Forensics

Computer forensics is simply the application of computer investigation and analysis techniques in the interests of determining potential legal evidence. Evidence might be sought in a wide range of computer crime or misuse, including but not limited to theft of trade secrets, theft of or destruction of intellectual property, and fraud.

Time-consuming
It helps if you know what you are looking for

Linux distributions with a focus on security

BackTrack
Helix
Operator
PHLAK
Auditor
L.A.S. Linux
Knoppix-STD
F.I.R.E.

Helix

Helix is a customized distribution of Ubuntu Linux. It focuses on incident response and computer forensics.

Maintainer: e-fense
OS: Linux, Windows, Solaris
Genre: Live CD
License: GPL, others
Website: e-fense.com/helix/

Helix

Helix, Bootable Linux

Adepto, imaging program utilizing dcfldd
Autopsy and Sleuthkit, forensic file system investigation
Scalpel, data carving from image files
ClamAV, anti-virus program
Ubuntu-based (previously Knoppix), uses GNOME

Helix, Windows Live

Access PassView
IECookiesView
IEHistoryView
MessenPass
Network Password Recovery
PC On/Off Time
Process Explorer
Rootkit Revealer
WFT (The Windows Forensic Toolchest)

WFT

The Windows Forensic Toolchest™ (WFT) is designed to provide a structured and repeatable automated Live Forensic Response, Incident Response, or Audit on a Windows system while collecting security-relevant information from the system.

WFT is essentially a forensically enhanced batch processing shell capable of running other security tools and producing HTML based reports in a forensically sound manner.

http://www.foolmoon.net/security/wft/

WFT features

Generation Of Both Raw Text And HTML Reports
User-Editable Config File Controls Execution
Ability To Run Locally, Via CD/DVD, Or Thumb Drive
Configurable Toolpath Macros Which Expand Dynamically Based On Run-Time Values
Detailed Run-Time Logging
Verification Of All Executed Tools
Detailed Hashing Of Output
Support For MD5 Hash
Support For SHA1 Hash
Ability To Verify WFT Config Files
Automatic Updating Of WFT Hash Values For Tools
WFT's Interactive Mode Provides Command-Line Alternative
Ability To Run SysInternals Tools Without ‘-accepteula’
Color Output Highlights Important Info
Automatic OS & Drive Detection
Ability To Run Commands Based On Run-Time OS
Ability To Fetch 3rd-Party Tools

http://www.foolmoon.net/downloads/Live_Forensics_Using_WFT.pdf

Tip for Windows users!

Get the Ubuntu 8.04 Live CD

It can both read from and write to NTFS partitions
