RE: GNHLUG Nashua -- "What is WebJob?" Thur 16 Feb (By Andy Bair)

2006-02-15 Thread Bair, Andy

Folks,

The WebJob paper (what-is-webjob-paper.pdf) and
presentation (what-is-webjob-presentation.pdf) are
located at the following URL.

  http://webjob.sourceforge.net/WebJob/Papers.shtml

Sincerely,
Andy


-Original Message-
From: [EMAIL PROTECTED] on behalf of Bair,Paul A.
Sent: Wed 2/15/2006 3:44 PM
To: gnhlug-announce@mail.gnhlug.org
Subject: GNHLUG Nashua -- "What is WebJob?"  Thur 16 Feb (By Andy Bair)

WebJob is a client-server system, where a tiny
client requests and downloads a program from a
server, executes that program on the client,
then uploads the results to the server.  WebJob
is useful because it provides a mechanism for
running known good programs on damaged or
potentially compromised systems. This makes it
ideal for remote diagnostics, incident response,
and evidence collection. WebJob also provides a
framework that is conducive to centralized
management. Therefore, it can support and help
automate a large number of common administrative
tasks and host-based monitoring scenarios such
as periodic system checks, file updates,
integrity monitoring, patch/package management,
and so on.

Here is the outline for the discussion:

  High-level View
  Details: Client--Server Interaction
  Advantages
  Disadvantages
  Execution Example
  WebJob in Action
  Demos

I will also make my presentation and a short paper
available for download this evening.  I'll repost
the URLs when they are available.

Sincerely,
Andy
___
gnhlug-announce mailing list
gnhlug-announce@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-announce







RE: forensic evidence collection tools?

2006-02-23 Thread Bair, Andy

Paul,

I work on and contribute to the ftimes project
which does very well to collect all file system
information.  It can also search for a unique
pattern (pcre) across a file system, which I've
used to identify trojan files. It can be found
here:

  http://ftimes.sourceforge.net/FTimes/index.shtml

If you're trying to do incident response, I would
recommend webjob.  I presented it at the GNHLUG
last week ... not sure if you were there, but
webjob was designed to perform incident response
on a large number of systems.  I've used it quite
effectively to harvest information from a bunch of
Windows machines.  WebJob has many advantages
including aggregating the data at a central
server.  It can be found here:

  http://webjob.sourceforge.net/WebJob/index.shtml

If you're looking for a quick list of forensic
tools, this is a good spot:

  http://www.opensourceforensics.org/

From time to time I guest teach an undergrad
computer forensics course; I'd be glad to talk
more about forensics if you would like.

Andy


-Original Message-
From: [EMAIL PROTECTED] on behalf of Paul Lussier
Sent: Thu 2/23/2006 2:30 PM
To: gnhlug-discuss@mail.gnhlug.org
Subject: forensic evidence collection tools?


Hi all,

I'm trying to debug a problem on a set of systems.  Is there something
I run, say from a usb key or a Knoppix CD which will collect "all
interesting information" and deposit it somewhere else?
--

Seeya,
Paul
___
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss







RE: forensic evidence collection tools?

2006-02-24 Thread Bair, Andy

Sorry for the repost.  I'm having issues with evolution ... it keeps crashing and sometimes messages get resent from my out box.

andy


-Original Message-
From: [EMAIL PROTECTED] on behalf of Bair,Paul A.
Sent: Thu 2/23/2006 3:09 PM
To: Paul Lussier
Cc: gnhlug-discuss@mail.gnhlug.org
Subject: Re: forensic evidence collection tools?

Paul,

I work on and contribute to the ftimes project which does very well to
collect all file system information.  It can also search for a unique
pattern (pcre) across a file system, which I've used to identify trojan
files. It can be found here:

http://ftimes.sourceforge.net/FTimes/index.shtml

If you're trying to do incident response, I would recommend webjob.  I
presented it at the GNHLUG last week ... not sure if you were there,
but webjob was designed to perform incident response on a large number
of systems.  I've used it quite effectively to harvest information from
a bunch of Windows machines.  WebJob has many advantages including
aggregating the data at a central server.  It can be found here:

http://webjob.sourceforge.net/WebJob/index.shtml


If you're looking for a quick list of forensic tools, this is a good
spot:

http://www.opensourceforensics.org/

From time to time I guest teach an undergrad computer forensics course;
I'd be glad to talk more about forensics if you would like.

Andy

On Thu, 2006-02-23 at 14:30 -0500, Paul Lussier wrote:
> Hi all,
>
> I'm trying to debug a problem on a set of systems.  Is there something
> I run, say from a usb key or a Knoppix CD which will collect "all
> interesting information" and deposit it somewhere else?