Paul,
I work on and contribute to the ftimes project
which does very well to collect all file system
information. It can also search for a unique
pattern (pcre) across a file system, which I've
used to identify trojan files. It can be found
here:
http://ftimes.sourceforge.net/FTimes/index.shtml
If you're trying to do incident response, I would
recommend webjob. I presented it at the gnhlug
last week ... not sure if you were there, but
webjob was designed to perform incident response
on a large number of systems. I've used it quite
effectively to harvest information from a bunch of
windows machines. WebJob has many advantages
including aggregating the data at a central
server. It can be found here:
http://webjob.sourceforge.net/WebJob/index.shtml
If you're looking for a quick list of forensic
tools, this is a good spot:
http://www.opensourceforensics.org/
From time to time I guest teach an undergrad
computer forensics course; I'd be glad to talk
more about forensics if you would like.
Andy
-----Original Message-----
From: [EMAIL PROTECTED] on behalf of Paul Lussier
Sent: Thu 2/23/2006 2:30 PM
To: gnhlug-discuss@mail.gnhlug.org
Subject: forensic evidence collection tools?
Hi all,
I'm trying to debug a problem on a set of systems. Is there something
I run, say from a usb key or a Knoppix CD which will collect "all
interesting information" and deposit it somewhere else?
--
Seeya,
Paul
_______________________________________________
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
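The thread never shows what a "collect everything and deposit it elsewhere" run looks like, so here is an added shell example in that spirit. It is not code from the thread, and it is not FTimes or WebJob; the output layout, the function names (collect_volatile, map_files, dig_pattern) and the "eval(base64_decode" sample pattern are all this example's own choices. It assumes GNU coreutils (stat -c, sha256sum), a grep with -r and -E, and file names without embedded newlines. The two file-system functions correspond loosely to what Andy describes FTimes doing: a per-file attribute-plus-hash map, and a content search for a pattern across a tree.

```shell
#!/bin/sh
# Added live-collection example (not FTimes/WebJob code). Volatile state is
# captured first, then a file map with hashes, then a pattern search; every
# result is written under one output directory, e.g. on the USB key.
# Assumes GNU stat/sha256sum and grep -rE; file names must not contain newlines.

# collect_volatile OUTDIR: snapshot volatile state before touching the disk.
# Each tool is optional: a missing or failing command is recorded, not fatal.
collect_volatile() {
    out="$1"
    mkdir -p "$out"
    { date -u; uname -a; id; } > "$out/system.txt" 2>&1
    for cmd in "ps aux" "ss -tunap" "netstat -tunap" "lsof -n -P" "mount"; do
        name=$(printf '%s' "$cmd" | cut -d' ' -f1)
        if command -v "$name" >/dev/null 2>&1; then
            $cmd > "$out/$name.txt" 2>&1 || echo "$name: failed" >> "$out/errors.txt"
        else
            echo "$name: not available" >> "$out/missing.txt"
        fi
    done
}

# map_files ROOT OUTDIR: one line per regular file, sorted by path:
#   mode|uid|gid|size|mtime_epoch|sha256|path
# (this layout is the example's own, not FTimes's record format)
map_files() {
    root="$1"; out="$2"
    mkdir -p "$out"
    find "$root" -type f -print | LC_ALL=C sort | while IFS= read -r f; do
        meta=$(stat -c '%a|%u|%g|%s|%Y' "$f")
        sum=$(sha256sum "$f" | cut -d' ' -f1)
        printf '%s|%s|%s\n' "$meta" "$sum" "$f"
    done > "$out/fsmap.txt"
    # Hash the map itself so later tampering with the collected data is detectable.
    sha256sum "$out/fsmap.txt" > "$out/fsmap.txt.sha256"
}

# dig_pattern ROOT PATTERN OUTDIR: write the paths of files whose contents
# match an extended regex to OUTDIR/dig.txt and print the number of hits.
# (FTimes's dig mode uses PCRE; grep -E is used here for portability.)
dig_pattern() {
    root="$1"; pat="$2"; out="$3"
    mkdir -p "$out"
    grep -rlE -e "$pat" "$root" > "$out/dig.txt" 2>/dev/null || true
    wc -l < "$out/dig.txt" | tr -d ' '
}

# Usage:  sh collect.sh run [DEST] [ROOT]
# Example pattern: a PHP web-shell idiom, chosen only to show the search.
if [ "$1" = "run" ]; then
    DEST=${2:-/mnt/usb/evidence/$(hostname)-$(date -u +%Y%m%dT%H%M%SZ)}
    ROOT=${3:-/}
    collect_volatile "$DEST/volatile"
    map_files "$ROOT" "$DEST/fs"
    dig_pattern "$ROOT" 'eval\(base64_decode' "$DEST/fs"
fi
```

Two practitioner notes that the script only hints at: run it from media you brought (the USB key or the live CD) and write only to that media, never to the disk under investigation, and keep the mount of the suspect file system read-only so the collection itself does not change the mtimes it is recording. The sha256 of fsmap.txt gives you something to cite later if the integrity of the collected data is questioned.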