NETinfo 2008-10-10
Transcript of NETinfo 2008-10-10
Computer Forensics
Computer forensics is simply the application of computer investigation and analysis techniques in the interests of determining potential legal evidence. Evidence might be sought in a wide range of computer crime or misuse, including but not limited to theft of trade secrets, theft of or destruction of intellectual property, and fraud.
Time-consuming
It helps if you know what you are looking for
Linux distributions with a security focus
BackTrack
Helix
Operator
PHLAK
Auditor
L.A.S. Linux
Knoppix-STD
F.I.R.E.
Helix
Helix is a customized distribution of Ubuntu Linux. It focuses on incident response and computer forensics.
Maintainer: e-fense
OS: Linux, Windows, Solaris
Genre: Live CD
License: GPL, others
Website: e-fense.com/helix/
Helix
Helix, Bootable Linux
Adepto, imaging program utilizing dcfldd
Autopsy and Sleuthkit, forensic file system investigation
Scalpel, data carving from image files
ClamAV, anti-virus program
Ubuntu-based (previously Knoppix), uses GNOME
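The acquisition step that Adepto automates on Helix, shown as an added POSIX shell example that is not the page's or e-fense's code. dcfldd is not assumed to be installed, so plain dd, md5sum and sha1sum stand in for it (dcfldd hashes the source inline during the copy; here the source is hashed in a second pass). The 64 KiB "device" is a constructed regular file; on a real case the source is a device node such as /dev/sdb that is mounted nowhere.

```shell
#!/bin/sh
# Added example, not code from the Helix CD: acquire a bit-for-bit image and prove
# it matches the source with two hashes, then record the result. Assumes dd,
# md5sum, sha1sum and mktemp (any Linux live CD has them); dcfldd is not used.

hash_of() {                       # hash_of ALGO FILE -> hex digest on stdout
    "$1sum" "$2" | cut -d' ' -f1
}

# acquire_image SRC DST: copy SRC to DST and make the image read-only.
# conv=noerror,sync keeps going past an unreadable block and pads it with NULs so
# every later byte keeps its offset. sync also pads a short final block, so bs must
# divide the source size: 512 always does for a real block device, and for the
# constructed sample below.
acquire_image() {
    dd if="$1" of="$2" bs=512 conv=noerror,sync 2>/dev/null || return 1
    chmod 444 "$2"
}

# verify_image SRC DST: 0 if both MD5 and SHA1 of source and image agree, else 1.
verify_image() {
    [ "$(hash_of md5 "$1")" = "$(hash_of md5 "$2")" ] &&
    [ "$(hash_of sha1 "$1")" = "$(hash_of sha1 "$2")" ]
}

# image_and_verify SRC DST LOG: acquire, verify, append an acquisition record to
# LOG. Returns 0 only on a hash match, so a caller can stop before analysis
# starts on an image that does not equal the evidence.
image_and_verify() {
    acquire_image "$1" "$2" || return 1
    smd5=$(hash_of md5 "$1"); ssha=$(hash_of sha1 "$1")
    imd5=$(hash_of md5 "$2"); isha=$(hash_of sha1 "$2")
    if [ "$smd5" = "$imd5" ] && [ "$ssha" = "$isha" ]; then
        result=MATCH
    else
        result=MISMATCH
    fi
    {
        echo "acquired: $(date -u +%Y-%m-%dT%H:%M:%SZ)"
        echo "source:   $1  md5=$smd5 sha1=$ssha"
        echo "image:    $2  md5=$imd5 sha1=$isha"
        echo "result:   $result"
    } >> "$3"
    [ "$result" = MATCH ]
}

# Stand-alone demonstration on a constructed 64 KiB "device" (a regular file).
demo() {
    d=$(mktemp -d)
    yes 'constructed evidence block' | head -c 65536 > "$d/sdb"
    image_and_verify "$d/sdb" "$d/sdb.dd" "$d/sdb.log" && echo "image verified"
    cat "$d/sdb.log"
    rm -rf "$d"
}
demo
```

Write the image and the log to an evidence drive, never back onto the source; the log line with both digests is what goes into the case notes, and re-running verify_image against the stored image later shows whether it has been altered since acquisition.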
Helix, Windows Live
Access PassView
IECookiesView
IEHistoryView
MessenPass
Network Password Recovery
PC On/Off Time
Process Explorer
Rootkit Revealer
WFT (The Windows Forensic Toolchest)
WFT
The Windows Forensic Toolchest™ (WFT) is designed to provide a structured and repeatable automated Live Forensic Response, Incident Response, or Audit on a Windows system while collecting security-relevant information from the system.
WFT is essentially a forensically enhanced batch processing shell capable of running other security tools and producing HTML based reports in a forensically sound manner.
http://www.foolmoon.net/security/wft/
WFT features
Generation Of Both Raw Text And HTML Reports
User-Editable Config File Controls Execution
Ability To Run Locally, Via CD/DVD, Or Thumb Drive
Configurable Toolpath Macros Which Expand Dynamically Based On Run-Time Values
Detailed Run-Time Logging
Verification Of All Executed Tools
Detailed Hashing Of Output
Support For MD5 Hash
Support For SHA1 Hash
Ability To Verify WFT Config Files
Automatic Updating Of WFT Hash Values For Tools
WFT's Interactive Mode Provides Command-Line Alternative
Ability To Run SysInternals Tools Without '-accepteula'
Color Output Highlights Important Info
Automatic OS & Drive Detection
Ability To Run Commands Based On Run-Time OS
Ability To Fetch 3rd-Party Tools
http://www.foolmoon.net/downloads/Live_Forensics_Using_WFT.pdf
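What makes WFT "forensically sound" is the loop it runs rather than any one tool: read a config, refuse any tool whose hash does not match the one on record, hash every output, log everything. That loop, re-created in POSIX shell for a Linux live CD as an added example that is not WFT's own code (WFT is a Windows program and its config format is not reproduced here). The config line format "<sha1>  <command> [args]" is invented for this example, and the demonstration config is constructed from the coreutils on the machine running it.

```shell
#!/bin/sh
# Added example, not WFT's code: a config-driven toolchest that verifies each tool's
# SHA1 before running it, hashes each tool's output and logs the whole run.
# Assumes sha1sum, md5sum, mktemp and coreutils; config format is invented here.

sha1_of() { sha1sum "$1" | cut -d' ' -f1; }
md5_of()  { md5sum  "$1" | cut -d' ' -f1; }

# verify_tool EXPECTED_SHA1 NAME: print the resolved path if the binary found on
# PATH hashes to EXPECTED_SHA1, otherwise print nothing and return 1.
# On a real response, PATH must put the CD/USB copies first, e.g.
# PATH=/media/cdrom/bin:$PATH, so a trojaned binary on the host is never the one
# found; the hash check then catches a wrong copy getting through anyway.
verify_tool() {
    path=$(command -v "$2") || return 1
    [ "$(sha1_of "$path")" = "$1" ] || return 1
    printf '%s\n' "$path"
}

# run_toolchest CONFIG OUTDIR: run every entry of CONFIG (bare command names, not
# paths), writing <n>-<tool>.txt and run.log under OUTDIR.
# Returns 0 only if every listed tool verified and was run.
run_toolchest() {
    mkdir -p "$2"
    log="$2/run.log"
    status=0; n=0
    echo "start $(date -u +%Y-%m-%dT%H:%M:%SZ) host=$(uname -n) uid=$(id -u)" >> "$log"
    while read -r want cmd args; do
        case "$want" in ''|'#'*) continue ;; esac
        n=$((n + 1))
        if ! tool=$(verify_tool "$want" "$cmd"); then
            echo "REFUSED $cmd: not found or sha1 != $want" >> "$log"
            status=1
            continue
        fi
        out="$2/$n-$cmd.txt"
        # stdin from /dev/null so no tool can swallow the rest of the config file
        "$tool" $args > "$out" 2>&1 < /dev/null
        rc=$?
        echo "RAN $cmd $args rc=$rc tool=$tool tool_sha1=$want out_md5=$(md5_of "$out") out_sha1=$(sha1_of "$out")" >> "$log"
    done < "$1"
    echo "end $(date -u +%Y-%m-%dT%H:%M:%SZ) status=$status" >> "$log"
    return $status
}

# make_config OUTFILE NAME...: write a config whose hashes are taken from the
# binaries on this machine. Run it on the trusted machine that builds the response
# media, never on the suspect host: a config generated there would bless whatever
# is installed there.
make_config() {
    cfg=$1; shift
    : > "$cfg"
    for name; do
        p=$(command -v "$name") || continue
        printf '%s  %s\n' "$(sha1_of "$p")" "$name" >> "$cfg"
    done
}

# Stand-alone demonstration: two good entries plus one with a wrong hash.
demo() {
    d=$(mktemp -d)
    make_config "$d/wft.cfg" uname id
    echo "0000000000000000000000000000000000000000  ls" >> "$d/wft.cfg"
    run_toolchest "$d/wft.cfg" "$d/out"
    cat "$d/out/run.log"
    rm -rf "$d"
}
demo
```

The run.log entry for each tool carries the tool's hash and both output hashes, which is the record WFT's HTML report is built from; keeping it beside the output files means a reviewer can later re-hash the outputs and show they are the ones produced during the response.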
Tips for Windows users!
Get an Ubuntu 8.04 Live CD
It can both read and write NTFS partitions