Hi Trevor,

Not sure if there is such a tool around, but we have collected folders with forensics and file checking tools here:

http://www.e-secure-db.us/dscgi/ds.py/View/Collection-1515
http://www.e-secure-db.us/dscgi/ds.py/View/Collection-1525

Have a look for anything that may help you.

Good luck,
Arjen

-----Original Message-----
From: Trevor Cushen [mailto:[EMAIL PROTECTED]]
Sent: Thursday, 19 September 2002 9:37 p.m.
To: securitybasics
Subject: it security forensics and investigation including the pagefile

I am currently doing security work in the area of after-the-event forensics, to give it its full title. I am using @stake task to run analysis against the unallocated space on the suspect disk but am lacking a utility to analyze the NT pagefile.

I am looking for a utility (preferably freeware) that will allow me to analyze a Windows pagefile. I have tools that allow me to boot the machine and remove the idle pagefile, but how can I go through the contents? NTI Getfree software claims to do it but at a high cost.

I don't believe I can access a pagefile on a live machine, but please correct me if I am wrong. I am using a Linux bootable CD with tools to mount the drive and FTP the pagefile to another machine or disk.

Trevor Cushen
