Security Incidents mailing list archives
FTimes 3.5.0 Released
From: klm () uidzero org
Date: 17 Jun 2005 01:11:07 -0000
Background: FTimes is a system baselining and evidence collection tool. The primary purpose of FTimes is to gather and/or develop information about specified directories and files in a manner conducive to intrusion analysis. FTimes is a lightweight tool in the sense that it doesn't need to be "installed" on a given system to work on that system, it is small enough to fit on a single floppy, and it provides only a command line interface. Preserving records of all activity that occurs during a snapshot is important for intrusion analysis and evidence admissibility. For this reason, FTimes was designed to log four types of information: configuration settings, progress indicators, metrics, and errors. Output produced by FTimes is delimited text, and therefore, is easily assimilated by a wide variety of existing tools. http://ftimes.sourceforge.net/FTimes/ HashDig technology is a collection of utilities designed to help practitioners automate the process of resolving MD5 hashes. In the early stages of an investigation, it is not typically possible or practical to examine all subject files. Therefore, practitioners need reliable methods that can quickly reduce the number of files requiring examination. One such method is to group files into two general categories: known and unknown. This method can be implemented quite effectively by manipulating hashes and comparing them to one or more reference databases. Even that, however, can take a significant amount of effort. HashDig technology attempts to reduce this burden through automation and the use of lightweight, open, and verifiable techniques. http://ftimes.sourceforge.net/FTimes/HashDig.shtml Announcement: Version 3.5.0 is a minor release of FTimes. Generally, code was cleaned up and refined as necessary. Several bugs have been fixed -- see the ChangeLog for details. Externally, there have been several changes: (1) the default installation directory has changed; (2) several new controls have been added; (3) regular expression (via PCRE) and case insensitive digs are now supported; and (4) support for the CDROM, DEVFS, SMBFS, and TMPFS file systems has been added. A test harness has been added along with tests to validate MD5 hashes using sample vectors provided and used by NIST. Internally, the main improvements are MD5 performance and the addition of large file support. Also, many of the dig, hashdig, and map utilities have been improved -- see the ChangeLog for details. ChangeLog: http://sourceforge.net/project/shownotes.php?release_id=335638 Download: http://sourceforge.net/project/showfiles.php?group_id=41134 Cookbook: http://ftimes.sourceforge.net/FTimes/Cookbook.shtml Enjoy, k -- Klayton Monroe klm () uidzero org Fingerprint = 6D3B 1DBC F426 36E4 7C9A FA93 9A5D D62D 4D86 DBFC
Current thread:
- FTimes 3.5.0 Released klm (Jun 17)