Try Encase.  The law enforcement community has been using it for
years, and it is a very good product, plus it goes across platforms.

        John Taylor



        From:   [EMAIL PROTECTED] on 16/09/2000 08:05
        To:     [EMAIL PROTECTED]@SMTP@Aus Exchange
        cc:     [EMAIL PROTECTED]@SMTP@Aus Exchange, Jason Sheffield <[EMAIL PROTECTED]>@SMTP@Aus Exchange, [EMAIL PROTECTED]@SMTP@Aus Exchange

        Subject:        Forensic ToolKit Recommendation

        What would people recommend for an Information Security Forensic Toolkit??

        Something that does the following:

        A software utility that would protect the subject computer system during
        the forensic examination from any possible alteration, damage, data
        corruption, or virus introduction.

        A software utility that would discover all files on the subject system.
        This includes existing normal files, deleted yet remaining files, hidden
        files, password-protected files, and encrypted files.

        Another utility that would recover all (or as much as possible) of
        discovered deleted files.

        A data viewer that would reveal (to the extent possible) the contents of
        hidden files as well as temporary or swap files used by both the
        application programs and the operating system.

        A report utility that would produce number of accesses, etc. (if possible
        and if legally appropriate) the contents of protected or encrypted files.

        An analysis utility that would analyze all possibly relevant data found in
        special (and typically inaccessible) areas of a disk. This includes but is
        not limited to what is called 'unallocated' space on a disk (currently
        unused, but possibly the repository of previous data that is relevant
        evidence), as well as 'slack' space in a file (the remnant area at the end
        of a file, in the last assigned disk cluster, that is unused by current
        file data, but once again may be a possible site for previously created and
        relevant evidence).

        A report utility that would print out an overall analysis in some sort of
        pre-defined format.

        If someone was developing this type of tool for the InfoSec community,
        would this type of tool be of much interest on either the Linux or the
        Windows platform? (i.e. Windows 9x, NT, 2k)

        -
        [To unsubscribe, send mail to [EMAIL PROTECTED] with
        "unsubscribe firewalls" in the body of the message.]


