Security Incidents mailing list archives

FTimes 3.5.0 Released


From: klm () uidzero org
Date: 17 Jun 2005 01:11:07 -0000

Background:

  FTimes is a system baselining and evidence collection tool. The
  primary purpose of FTimes is to gather and/or develop information
  about specified directories and files in a manner conducive to
  intrusion analysis.

  FTimes is a lightweight tool in the sense that it doesn't need
  to be "installed" on a given system to work on that system, it
  is small enough to fit on a single floppy, and it provides only
  a command line interface.

  Preserving records of all activity that occurs during a snapshot
  is important for intrusion analysis and evidence admissibility.
  For this reason, FTimes was designed to log four types of
  information: configuration settings, progress indicators, metrics,
  and errors. Output produced by FTimes is delimited text, and
  therefore, is easily assimilated by a wide variety of existing
  tools.

  http://ftimes.sourceforge.net/FTimes/

  HashDig technology is a collection of utilities designed to help
  practitioners automate the process of resolving MD5 hashes. In
  the early stages of an investigation, it is not typically possible
  or practical to examine all subject files. Therefore, practitioners
  need reliable methods that can quickly reduce the number of files
  requiring examination. One such method is to group files into two
  general categories: known and unknown. This method can be implemented
  quite effectively by manipulating hashes and comparing them to
  one or more reference databases. Even that, however, can take a
  significant amount of effort. HashDig technology attempts to
  reduce this burden through automation and the use of lightweight,
  open, and verifiable techniques.

  http://ftimes.sourceforge.net/FTimes/HashDig.shtml
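The known/unknown triage described above, as an added example that is not part of the announcement or of the FTimes/HashDig code. It assumes a constructed reference set of MD5 digests and a constructed pipe-delimited snapshot with the field order name|size|md5; the real tools use their own formats and reference databases.

```python
import hashlib

# Constructed reference content standing in for a "known" hash database
# (HashDig draws these from reference databases; this is sample data).
KNOWN_CONTENT = {
    "/bin/ls": b"constructed contents of a known-good binary\n",
    "/etc/hosts": b"127.0.0.1 localhost\n",
}
KNOWN_HASHES = {hashlib.md5(d).hexdigest() for d in KNOWN_CONTENT.values()}

# Constructed pipe-delimited snapshot in the spirit of FTimes output.
# The field order (name|size|md5) is an assumption for this example.
SNAPSHOT = "name|size|md5\n" + "\n".join([
    "/bin/ls|44|" + hashlib.md5(KNOWN_CONTENT["/bin/ls"]).hexdigest(),
    "/etc/hosts|20|" + hashlib.md5(KNOWN_CONTENT["/etc/hosts"]).hexdigest().upper(),
    "/usr/local/bin/unknown.bin|512|0123456789abcdef0123456789abcdef",
    "/etc/hosts|21|ffffffffffffffffffffffffffffffff",  # same path, changed content
]) + "\n"


def triage(snapshot, known_hashes):
    """Split snapshot records into (known, unknown) lists of file names.

    A record is known only if its MD5 is in the reference set; the path is
    never consulted, so a modified file under a trusted name is reported as
    unknown (see the second /etc/hosts line above). Digests are compared
    case-insensitively and must be 32 hex characters."""
    lines = snapshot.splitlines()
    header = lines[0].split("|")
    name_i, md5_i = header.index("name"), header.index("md5")
    known, unknown = [], []
    for lineno, line in enumerate(lines[1:], start=2):
        fields = line.split("|")
        digest = fields[md5_i].strip().lower()
        if len(digest) != 32 or any(c not in "0123456789abcdef" for c in digest):
            raise ValueError("line %d: malformed MD5 %r" % (lineno, digest))
        (known if digest in known_hashes else unknown).append(fields[name_i])
    return known, unknown


if __name__ == "__main__":
    k, u = triage(SNAPSHOT, KNOWN_HASHES)
    print("known:", k)
    print("unknown (needs examination):", u)
```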

Announcement:

  Version 3.5.0 is a minor release of FTimes. Generally, code was
  cleaned up and refined as necessary. Several bugs have been fixed
  -- see the ChangeLog for details. Externally, there have been
  several changes: (1) the default installation directory has
  changed; (2) several new controls have been added; (3) regular
  expression (via PCRE) and case insensitive digs are now supported;
  and (4) support for the CDROM, DEVFS, SMBFS, and TMPFS file systems
  has been added. A test harness has been added along with tests
  to validate MD5 hashes using sample vectors provided and used by
  NIST. Internally, the main improvements are MD5 performance and
  the addition of large file support. Also, many of the dig, hashdig,
  and map utilities have been improved -- see the ChangeLog for
  details.

ChangeLog:

  http://sourceforge.net/project/shownotes.php?release_id=335638

Download:

  http://sourceforge.net/project/showfiles.php?group_id=41134

Cookbook:

  http://ftimes.sourceforge.net/FTimes/Cookbook.shtml

Enjoy,
k
--
Klayton Monroe
klm () uidzero org
Fingerprint = 6D3B 1DBC F426 36E4 7C9A  FA93 9A5D D62D 4D86 DBFC

