Computer Forensics. NETinfo 2008-10-10.
Computer forensics is simply the application of computer investigation and analysis techniques in the interests of determining potential legal evidence. Evidence might be sought in a wide range of computer crime or misuse, including but not limited to theft of trade secrets, theft of or destruction of intellectual property, and fraud.
• Time-consuming
• It helps if you know what you are looking for

Linux distributions with a security focus
• BackTrack
• Helix
• Operator
• PHLAK
• Auditor
• L.A.S. Linux
• Knoppix-STD
• F.I.R.E.
Helix
• Helix is a customized distribution of Ubuntu Linux. It focuses on incident response and computer forensics.
• Maintainer: e-fense
• OS: Linux, Windows, Solaris
• Genre: Live CD
• License: GPL, others
• Website: e-fense.com/helix/

Helix, Bootable Linux
• Adepto, imaging program utilizing dcfldd
• Autopsy and Sleuthkit, forensic file system investigation
• Scalpel, data carving from image files
• Clamav, anti-virus program
• Ubuntu-based (previously Knoppix), uses Gnome
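The carving tool listed above, Scalpel, recovers files from a raw image without using the file system: it scans for known header byte sequences and, for each, looks for the matching footer within a configured maximum size. The following is an added example of that header/footer carving technique written for this page; it is not Scalpel's own code, the signature table is constructed for illustration (Scalpel's real configuration uses the same fields), and the sample image is built in memory so the script runs offline.

```python
"""Header/footer file carving over a raw image (added example; not Scalpel's own code)."""
import hashlib
import os

# Constructed signature table: (label, header, footer, max_size). Illustrative entries,
# not copied from scalpel.conf, but carrying the same information Scalpel needs.
SIGNATURES = [
    ("jpg", b"\xff\xd8\xff", b"\xff\xd9", 5_000_000),
    ("png", b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82", 5_000_000),
]


def carve(image: bytes, signatures=SIGNATURES):
    """Return one dict per recovered file: label, offset, size, sha1 and data.

    A header whose footer is not found within max_size is skipped, so a truncated
    file is reported as nothing rather than as a bogus carve.
    """
    found = []
    for label, header, footer, max_size in signatures:
        pos = 0
        while True:
            start = image.find(header, pos)
            if start < 0:
                break
            limit = min(len(image), start + max_size)
            end = image.find(footer, start + len(header), limit)
            if end < 0:
                pos = start + 1          # no footer in range: move past this header
                continue
            end += len(footer)
            data = image[start:end]
            found.append({
                "label": label, "offset": start, "size": len(data),
                "sha1": hashlib.sha1(data).hexdigest(), "data": data,
            })
            pos = end                    # do not carve again inside a recovered file
    return sorted(found, key=lambda f: f["offset"])


def write_carved(found, outdir):
    """Write each carve as <offset>.<label> (Scalpel-style naming) and return the paths."""
    os.makedirs(outdir, exist_ok=True)
    paths = []
    for f in found:
        path = os.path.join(outdir, f"{f['offset']:08d}.{f['label']}")
        with open(path, "wb") as fh:
            fh.write(f["data"])
        paths.append(path)
    return paths


def build_sample_image() -> bytes:
    """Constructed fake disk image: zero filler, a minimal JPEG-like blob at offset 512,
    a PNG-like blob at offset 865, and a truncated JPEG header with no footer at the end."""
    jpeg = b"\xff\xd8\xff\xe0" + b"\x00\x10JFIF\x00" + b"\x01" * 40 + b"\xff\xd9"  # 53 bytes
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 30 + b"IEND\xaeB`\x82"                   # 46 bytes
    truncated = b"\xff\xd8\xff\xe1" + b"\x02" * 16                                  # header, no footer
    return b"\x00" * 512 + jpeg + b"A" * 300 + png + b"\x00" * 200 + truncated


if __name__ == "__main__":
    for f in carve(build_sample_image()):
        print(f"{f['label']} at offset {f['offset']}, {f['size']} bytes, sha1 {f['sha1']}")
```

Each carve carries its SHA1 so the recovered files can be hashed again after being written out and compared; the truncated header at the end of the sample image is deliberately left uncarved to show the max_size/footer check doing its job.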
Helix, Windows Live
• Access PassView
• IECookiesView
• IEHistoryView
• MessenPass
• Network Password Recovery
• PC On/Off Time
• Process Explorer
• Rootkit Revealer
• WFT (The Windows Forensic Toolchest)

WFT
The Windows Forensic Toolchest™ (WFT) is designed to provide a structured and repeatable automated Live Forensic Response, Incident Response, or Audit on a Windows system while collecting security-relevant information from the system. WFT is essentially a forensically enhanced batch processing shell capable of running other security tools and producing HTML based reports in a forensically sound manner.
http://www.foolmoon.net/security/wft/

WFT features
• Generation of both raw text and HTML reports
• User-editable config file controls execution
• Ability to run locally, via CD/DVD, or thumb drive
• Configurable toolpath macros which expand dynamically based on run-time values
• Detailed run-time logging
• Verification of all executed tools
• Detailed hashing of output
• Support for MD5 hash
• Support for SHA1 hash
• Ability to verify WFT config files
• Automatic updating of WFT hash values for tools
• WFT's interactive mode provides command-line alternative
• Ability to run SysInternals tools without '-accepteula'
• Color output highlights important info
• Automatic OS & drive detection
• Ability to run commands based on run-time OS
• Ability to fetch 3rd-party tools
http://www.foolmoon.net/downloads/Live_Forensics_Using_WFT.pdf
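The two WFT slides above describe a pattern rather than a single tool: a batch shell that runs a configured list of collection tools in a fixed order, verifies each tool binary by hash before executing it, keeps a timestamped run-time log, hashes every output with MD5 and SHA1, and renders an HTML report. The following is an added example of that pattern in Python, written for this page; it is not WFT's code, and the tool list is given as ToolSpec entries in place of WFT's config file. The demo uses the Python interpreter itself as a stand-in for the forensic tools so the script runs offline on any system.

```python
"""Structured, repeatable live-collection runner in the spirit of WFT (added example, not WFT's code)."""
import hashlib
import html
import json
import os
import platform
import shutil
import subprocess
import sys
import tempfile
import time
from dataclasses import dataclass

@dataclass
class ToolSpec:
    name: str                  # label used for the output file and the report row
    argv: list                 # command line to run; argv[0] is the tool binary
    expected_sha1: str = None  # SHA1 the binary must match before it runs; None = unverified

def digest(data):
    """MD5 and SHA1 of in-memory data (a tool's captured output)."""
    return hashlib.md5(data).hexdigest(), hashlib.sha1(data).hexdigest()

def file_digest(path):
    """MD5 and SHA1 of a file on disk (the tool binary), read in chunks."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            md5.update(chunk)
            sha1.update(chunk)
    return md5.hexdigest(), sha1.hexdigest()

def run_one(spec, outdir, log_line):
    """Verify one tool's binary, run it, store and hash its output; return the record."""
    rec = {"name": spec.name, "argv": spec.argv}
    binary = shutil.which(spec.argv[0]) or spec.argv[0]
    if not os.path.isfile(binary):
        rec["status"] = "missing"
        log_line(f"{spec.name}: binary not found: {spec.argv[0]}")
        return rec
    rec["tool_md5"], rec["tool_sha1"] = file_digest(binary)
    if spec.expected_sha1 and rec["tool_sha1"] != spec.expected_sha1:
        rec["status"] = "hash-mismatch"  # a binary that is not what the config says is never run
        log_line(f"{spec.name}: SHA1 {rec['tool_sha1']} != expected {spec.expected_sha1}, skipped")
        return rec
    started = time.time()
    proc = subprocess.run([binary] + spec.argv[1:], capture_output=True, timeout=120)
    out_path = os.path.join(outdir, f"{spec.name}.txt")
    with open(out_path, "wb") as fh:
        fh.write(proc.stdout)
    rec["output_md5"], rec["output_sha1"] = digest(proc.stdout)
    rec.update(output_file=out_path, exit_code=proc.returncode,
               seconds=round(time.time() - started, 3),
               status="ok" if proc.returncode == 0 else "nonzero-exit")
    log_line(f"{spec.name}: exit={proc.returncode} output_sha1={rec['output_sha1']}")
    return rec

def run_collection(specs, outdir):
    """Run the configured tools in order with a timestamped log, then write report.json and report.html."""
    os.makedirs(outdir, exist_ok=True)
    with open(os.path.join(outdir, "collection.log"), "a", encoding="utf-8") as log:
        def log_line(msg):
            log.write(f"{time.strftime('%Y-%m-%dT%H:%M:%S')} {msg}\n")
        log_line(f"start host={platform.node()} os={platform.platform()}")
        records = [run_one(spec, outdir, log_line) for spec in specs]
        log_line("done")
    with open(os.path.join(outdir, "report.json"), "w", encoding="utf-8") as fh:
        json.dump(records, fh, indent=2)
    write_html_report(records, os.path.join(outdir, "report.html"))
    return records

def write_html_report(records, path):
    """Minimal HTML report: one row per tool with status, tool hash and output hash."""
    rows = "".join("<tr><td>{}</td><td>{}</td><td>{}</td><td>{}</td></tr>".format(
        html.escape(r["name"]), html.escape(r["status"]),
        r.get("tool_sha1", ""), r.get("output_sha1", "")) for r in records)
    with open(path, "w", encoding="utf-8") as fh:
        fh.write("<html><body><table><tr><th>Tool</th><th>Status</th><th>Tool SHA1</th>"
                 "<th>Output SHA1</th></tr>" + rows + "</table></body></html>")

def demo():
    """Self-contained run with the Python interpreter standing in for the forensic tools:
    one verified tool that runs, one whose expected hash is deliberately wrong, one that is absent."""
    good_sha1 = file_digest(sys.executable)[1]
    specs = [
        ToolSpec("hello", [sys.executable, "-c", "import sys; sys.stdout.write('hello')"], good_sha1),
        ToolSpec("tampered", [sys.executable, "-c", "print('never runs')"], "0" * 40),
        ToolSpec("absent", ["no-such-forensic-tool-xyz"]),
    ]
    return run_collection(specs, tempfile.mkdtemp(prefix="wft-style-"))

if __name__ == "__main__":
    for r in demo():
        print(r["name"], r["status"], r.get("output_sha1", ""))
```

The point of the hash-mismatch branch is the one WFT makes with "verification of all executed tools": on a live system the response kit's own binaries are the only ones that can be trusted, so a tool whose hash does not match the config is logged and skipped rather than run. Hashing the captured output at collection time gives a value that can be checked against the saved file later.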
Tip for Windows users! Get an Ubuntu 8.04 Live CD. It can both read and write NTFS partitions.