Security Incidents mailing list archives
Re: Forensics CD (was: Re: Strange Folder
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Tue, 08 Oct 2002 21:16:00 +1200

neil () geol niu edu wrote:

> "Meritt James" <meritt_james () bah com> wrote in response to me:
>
> [ ... Kit of tools on a CD-ROM ... ]
>
>> REAL good suggestion! Any specific recommendations as to what should be on the CD?
>
> Thanks! I think I picked up the idea from someone on this list, as a matter of fact. I wish I could remember who.

Carv perhaps?? He teaches forensics and other post-mortem courses, and features such a disk that I seem to recall him mentioning here.

Aside from that, it is a fairly obvious idea -- if you have to run code in a compromised environment (not necessarily a good idea to do extensively if you are doing forensics work) then obviously you must not trust anything already on the machine. (Of course, at some level the tools on the CD are "trusting" the various APIs, etc. to be returning true results and as anyone who has failed to adequately handle a box with a rootkit installed will tell you, that is not a clever idea...).

Regards,
Nick FitzGerald