Security Incidents mailing list archives
Re: Forensics CD (was: Re: Strange Folder
From: Ryan McBride <mcbride () countersiege com>
Date: Tue, 8 Oct 2002 11:07:59 +0000
On Mon, Oct 07, 2002 at 09:12:09AM -0400, Meritt James wrote:
> Neil Dickey wrote:
> > It's a good idea to have a kit of such tools on a read-only CD in advance of an incident like this, so that you have tools you know you can trust -- that haven't been trojanned -- ready to use. It's rather like the instructions in a snake-bite kit. You want to be familiar with them *before* Mr. Snake has his way with you.
>
> REAL good suggestion! Any specific recommendations as to what should be on the CD?

You might want to look at FIRE, which is primarily a CD-bootable Linux distribution designed specifically for forensic and security purposes, but also includes Windows and SPARC Solaris binaries for performing forensic analysis.

http://fire.dmzs.com/

It's available as an ISO image, so just burn and go.

-Ryan

--
Ryan T. McBride, CISSP - mcbride () countersiege com
Countersiege Systems Corporation - http://www.countersiege.com
PGP key fingerprint = 8BA0 A58C 5038 9157 59C3 F9E6 6DDA 6611 BF4C 776B

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com