Security Incidents mailing list archives

FTimes 3.2.0 Released


From: Klayton Monroe <klm () ir exodus net>
Date: Fri, 21 Feb 2003 10:03:47 +0000

Background:

  FTimes is a system baselining and evidence collection tool. The
  primary purpose of FTimes is to gather and/or develop information
  about specified directories and files in a manner conducive to
  intrusion analysis.

  FTimes is a lightweight tool in the sense that it doesn't need
  to be "installed" on a given system to work on that system, it
  is small enough to fit on a single floppy, and it provides only
  a command line interface.

  Preserving records of all activity that occurs during a snapshot
  is important for intrusion analysis and evidence admissibility.
  For this reason, FTimes was designed to log four types of
  information: configuration settings, progress indicators, metrics,
  and errors. Output produced by FTimes is delimited text, and
  therefore, is easily assimilated by a wide variety of existing
  tools.

  http://ftimes.sourceforge.net/FTimes/
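As an added illustration of the baseline-then-compare workflow described above (not code from FTimes or its author): two delimited snapshots are parsed by their header line and compared name-by-name, reporting each entry as changed (C, with the fields that differ), missing (M) or new (N). The record layout and the sample values are constructed and simplified; they are not FTimes's exact field set.

```python
# Constructed baseline and later snapshot in a simplified pipe-delimited
# layout (header line names the fields). Hash values are placeholders.
SNAPSHOT_A = """name|size|mtime|md5
/etc/passwd|1842|1045000000|0a1b2c
/bin/ls|68000|1040000000|deadbe
/etc/shadow|900|1045000100|feedfa
"""

SNAPSHOT_B = """name|size|mtime|md5
/etc/passwd|1842|1045000000|0a1b2c
/bin/ls|68000|1040000000|badc0d
/tmp/.x|512|1045600000|c0ffee
"""


def parse_snapshot(text):
    """Parse header-driven delimited output into {name: {field: value}}."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    fields = lines[0].split("|")
    records = {}
    for line in lines[1:]:
        values = line.split("|")
        if len(values) != len(fields):
            # A short or long record means the snapshot is damaged; refuse
            # to silently guess, since the compare result is evidence.
            raise ValueError("malformed record: %r" % line)
        rec = dict(zip(fields, values))
        records[rec["name"]] = rec
    return records


def compare_snapshots(baseline, current):
    """Return sorted (category, name, changed_fields) tuples.

    C = attributes differ, M = present in baseline only, N = present in
    current only. Unchanged entries are not reported. Note that /bin/ls
    below keeps its size and mtime but its hash differs: comparing the
    content hash rather than timestamps alone is what exposes it.
    """
    results = []
    for name in sorted(set(baseline) | set(current)):
        if name not in current:
            results.append(("M", name, ()))
        elif name not in baseline:
            results.append(("N", name, ()))
        else:
            old, new = baseline[name], current[name]
            changed = tuple(f for f in old if f != "name" and old[f] != new.get(f))
            if changed:
                results.append(("C", name, changed))
    return results
```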

Announcement:

  Version 3.2.0 is a minor release of FTimes. Compare logic has
  been completely overhauled. Hash collisions are detected and
  properly handled now, and the db's hard-coded size limit has been
  eliminated. Support for NTFS mounted partitions under Linux has
  been added. Faulty Content-Length detection and validation logic
  has been fixed. The static SSL build process for WIN32 platforms
  was changed to use /MT instead of /MD. This change requires that
  static OpenSSL builds use the /MT flag as well. The install
  location for nph-ftimes.cgi has been moved to ${prefix}/cgi/cgi-client.

  http://sourceforge.net/forum/forum.php?forum_id=245420

Download:

  http://sourceforge.net/project/showfiles.php?group_id=41134

Cookbook:

  http://ftimes.sourceforge.net/FTimes/Cookbook.shtml

White paper: "System Baselining -- A Forensic Perspective"

  This paper defines baselining terminology, explains the mechanics
  of baselining, compares and contrasts different baselining
  techniques, and describes FTimes -- a system baselining and
  evidence collection tool. The paper also explores some of the
  criteria that evidence collection tools and techniques must satisfy
  if they are going to support prosecutions. In closing, it presents
  a pair of war stories that are typical of the times.

  http://ftimes.sourceforge.net/FTimes/Papers.shtml

Enjoy,
k
-- 
Klayton Monroe
klm () ir exodus net
Exodus Security Research and Development
Fingerprint = 6D3B 1DBC F426 36E4 7C9A  FA93 9A5D D62D 4D86 DBFC
