Security Incidents mailing list archives
Re: Gathering volatile information
From: Russell Fulton <r.fulton () auckland ac nz>
Date: Thu, 14 Apr 2005 20:01:59 +1200
On Wed, 2005-04-13 at 12:01 +0000, Bob the Builder wrote:
In the Unix environment there seem to be various lists of bits and pieces but no really definitive list of commands related to gathering volatile information that you should and shouldn't run and what types of things they are likely to interfere with. Am I missing something here, does just such a list exist and I'm just not looking in the right place, or is it about time someone set about writing one? I'm not talking about a religious argument on the merits of what stage a machine should be taken offline at but more what the volatile data gathering options are that are available to you if, as an incident handler, you need them.
Have you had a look at "The Coroner's Toolkit": http://www.porcupine.org/forensics/tct.html
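The kind of collection list the question asks for, as an added example that is not code from this thread or from The Coroner's Toolkit: a POSIX shell script that runs a fixed set of commands in order of volatility, hashes each output, and records which tools were absent or failed so the examiner can account for the collection's own footprint. Assumed: Linux-style tools (ps, ss, lsof, ip) and an output directory on media other than the suspect disk.

```shell
#!/bin/sh
# Added example, not code from this thread or from The Coroner's Toolkit:
# collect volatile data from a live Unix host, most volatile first, with a
# manifest so the examiner can account for what the collection itself touched
# (each command adds a process, uses memory/page cache, and may update atimes
# on the binaries and libraries it loads). Assumptions: Linux-style tools;
# OUTDIR sits on media other than the suspect disk, ideally with trusted
# statically linked copies of these tools rather than the host's own.
# "name|command", decreasing volatility. A missing tool is skipped, not fatal.
STEPS='
date|date -u +%Y-%m-%dT%H:%M:%SZ
procs|ps auxww
sockets|ss -anp
openfiles|lsof -n -P
ifaces|ip addr
routes|ip route
logins|w
mounts|mount
modules|lsmod
'
# SHA-256 with whichever tool exists; prints "<hash>  <path>".
hash_file() {
  if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"
  else shasum -a 256 "$1"; fi
}
# Run every step into $1, hash each output into $1/MANIFEST, and record
# absent tools and failed commands. Returns 0 if any step produced output.
collect_volatile() {
  outdir=$1
  mkdir -p "$outdir" && : > "$outdir/MANIFEST"
  while IFS='|' read -r name cmd; do
    [ -n "$name" ] || continue
    tool=${cmd%% *}
    if ! command -v "$tool" >/dev/null 2>&1; then
      echo "SKIPPED $name: $tool not installed" >> "$outdir/MANIFEST"
      continue
    fi
    # stderr is kept and a non-zero exit is logged: both are evidence too
    $cmd > "$outdir/$name.txt" 2>&1 || echo "EXIT $? $name" >> "$outdir/MANIFEST"
    hash_file "$outdir/$name.txt" >> "$outdir/MANIFEST"
  done <<EOF
$STEPS
EOF
  n=$(ls "$outdir"/*.txt 2>/dev/null | wc -l | tr -d ' ')
  echo "FINISHED $(date -u) files=$n" >> "$outdir/MANIFEST"
  [ "$n" -gt 0 ]
}
# Usage: sh collect.sh /mnt/evidence/host01   (no argument: nothing runs)
if [ $# -ge 1 ]; then collect_volatile "$1"; fi
```

The manifest doubles as a record of the collection's interference: every entry is a process that ran on the suspect host, which is exactly the list of side effects the question asks to be made explicit.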
Current thread:
- Gathering volatile information Bob the Builder (Apr 13)
- Re: Gathering volatile information Kyle Maxwell (Apr 13)
- Re: Gathering volatile information Russell Fulton (Apr 14)
- <Possible follow-ups>
- Re: Gathering volatile information Jeff Bryner (Apr 13)