At 12:14 PM 2/24/2003 +, Trevor Cushen wrote:
Go to www.sysinternals.com and get the Unix Utils which will include dd
and netcat for Windows
Both will fit on a floppy.
I couldn't find those tools on the sysinternals site, but I did find an NT
port of dd at unixutils.sourceforge.net. Doesn't
Probably looking for something like
http://unxutils.sourceforge.net/
-t
is Disney World the only People Trap operated by a mouse?
> Go to www.sysinternals.com and get the Unix Utils which
> will include dd and netcat for Windows
Sys
www.sysnet.ie
Tel: +353 1 2983000
Fax: +353 1 2960499
-Original Message-
From: H C [mailto:[EMAIL PROTECTED]
Sent: 25 February 2003 13:49
To: [EMAIL PROTECTED]
Subject: RE: tools used to examine a computer
As Trevor pointed out, files such as this one provide
quite a bit of detail
As Trevor pointed out, files such as this one provide
quite a bit of detail regarding setting all of this
up:
http://www.rajeevnet.com/hacks_hints/os_clone/os_cloning.html
> Go to www.sysinternals.com and get the Unix Utils which
> will include dd and netcat for Windows
SysInternals? Could you
3000
Fax: +353 1 2960499
-Original Message-
From: haji din [mailto:[EMAIL PROTECTED]
Sent: 24 February 2003 06:38
To: Trevor Cushen
Subject: RE: tools used to examine a computer
hi Trevor
would appreciate if you could send the details of
cloning a windows machine with DD and Netc
As a side to calling in Law Enforcement, normally you have to already have
your case and prove a loss (felony loss) so document all of your costs
(human, resource, downtime, etc.). I believe in calling in LE's when
required and I think that more companies should prosecute offenders instead
of only
2003 19:28
To: [EMAIL PROTECTED]
Subject: RE: tools used to examine a computer
> ...good points on processes, services and the like. You
> want to document those before you take down a machine
> (workstation or server) anyway if you are able to.
Again, it's quite easy to document this sort of thing,
as well as a wide range of other data...it all simply
has to be part of the
]
Subject: RE: tools used to examine a computer
David,
I did say "hashes the file (MD5 and/or SHA-1)"...so do
it both before and after you copy it over the network.
Just be sure to collect the MAC times *before* you
hash it, as hashing causes the file to be accessed,
and the last access ti
Trevor,
> Copying can change file properties as in MAC details
> on the new system or the destination.
In the post that you responded to with the above
comment, I specifically stated:
"If one collects the necessary info (ie, MAC times..."
This is important b/c one should take care to preserv
www.sysnet.ie
Tel: +353 1 2983000
Fax: +353 1 2960499
-Original Message-
From: H C [mailto:[EMAIL PROTECTED]]
Sent: 19 February 2003 19:15
To: David J. Bianco
Cc: Trevor Cushen; [EMAIL PROTECTED]
Subject: RE: tools used to examine a computer
David,
I did say "hashes the file (MD5 and/or
y.
> -Original Message-
> From: Trevor Cushen [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, February 19, 2003 12:35 PM
> To: [EMAIL PROTECTED]
> Subject: RE: tools used to examine a computer
>
>
> DD is not copying. Copying can change file properties as i
David,
I did say "hashes the file (MD5 and/or SHA-1)"...so do
it both before and after you copy it over the network.
Just be sure to collect the MAC times *before* you
hash it, as hashing causes the file to be accessed,
and the last access time changes.
--- "David J. Bianco" <[EMAIL PROTECTED]>
PROTECTED]
Subject: RE: tools used to examine a computer
On Tue, 2003-02-18 at 13:02, H C wrote:
> > Also on the point of copying files over the network
> > first, correct me if
> > I'm wrong but that damages the chain of evidence.
>
> How so? If one collects the ne
revor Cushen
Sysnet Ltd
www.sysnet.ie
Tel: +353 1 2983000
Fax: +353 1 2960499
-Original Message-
From: H C [mailto:[EMAIL PROTECTED]]
Sent: 18 February 2003 18:02
To: Trevor Cushen
Cc: [EMAIL PROTECTED]
Subject: RE: tools used to examine a computer
> Also on the point of copying fi
Check http://biatchux.sourceforge.net/
Rgds,
Planz
- Original Message -
From: "Ivan Hernandez" <[EMAIL PROTECTED]>
To: "Hopkins, Joshua" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Tuesday, February 18, 2003 3:04 AM
Subject: Re: tools used
> Also on the point of copying files over the network
> first, correct me if
> I'm wrong but that damages the chain of evidence.
How so? If one collects the necessary info (ie, MAC
times, NTFS ADSs, permissions, full path, etc), hashes
the file (MD5 and/or SHA-1), and then copies the file
over t
ECTED]]
Sent: 17 February 2003 19:04
To: Hopkins, Joshua
Cc: [EMAIL PROTECTED]
Subject: Re: tools used to examine a computer
There was a very interesting Linux distro called bitchux oriented in
forensic work. I had a very first version and worked fine. The problem
is that I now try Google and
ject: re: tools used to examine a computer
Joshua,
> I was able to copy some files over the network before I
> took the computer into custody. What tools are out there
> that can really be helpful in monitoring/forensics.
It really depends on what you want to do. As far as
forensi
There was a very interesting Linux distro called bitchux oriented in
forensic work. I had a very first version and worked fine. The problem
is that I now try Google and can't find the info!
Ivan Hernandez
Hopkins, Joshua wrote:
I could really use some help in finding a tool that will be used w
Joshua,
> I was able to copy some files over the network before I
> took the computer into custody. What tools are out there
> that can really be helpful in monitoring/forensics.
It really depends on what you want to do. As far as
forensics goes, there have been some good
recommendations from
http://www.atstake.com/research/tools/task/
And
http://www.porcupine.org/forensics/tct.html
Would be a good start. Both free, I believe.
NICK
CISSP, CCSI
Senior Security Staff Member
AT&T Managed IP Security Services
-Original Message-
From: Hopkins, Joshua [mailto:[EMAIL PROTECTED]]
S
> -Original Message-
> From: Hopkins, Joshua [mailto:[EMAIL PROTECTED]]
> What tools are out there that can really be helpful in
> monitoring/forensics.
> Joshua R. Hopkins
Michael Warfield from Internet Security Systems gave a nice presentation on
this a couple of weeks ago, including an
Hopkins, Joshua wrote:
[ ... ]
I found that a login script was placed into the admin account for
that machine and the script erased the evidence. I was able to copy
some files over the network before I took the computer into custody.
What tools are out there that can really be helpful in
monitori
Hi Joshua,
There's a multitude of tools that you can use for any number of purposes. If you are
interested in doing some data recovery, try Ontrack Easy Recovery. If you suspect
someone of doing something illegal or against policy you might try keylogging software
such as Spector or Perfect K