System Forensics Tools
When a system has been compromised by an attack, it is very important to learn
exactly what happened. Doing so can help you repair the damage, close the holes
that let the attacker in, identify the source of the attack, and (when appropriate)
take legal action. Computer forensics is the science of conducting a formal computer
security incident investigation. Forensics tools support such an investigation by
copying, collecting, and analyzing evidence without altering the source. Although
you can use these tools to examine a system after an attack, if you think you
may want to take legal action, it is best to call in a forensics expert who understands
legal requirements such as preserving the chain of custody. The tools below are
a few of the many available from commercial incident response and forensics
vendors and from open source projects:
@Stake's The Sleuth Kit (previously known as TASK) is a collection of non-intrusive
*NIX command line file system and media management forensics utilities.
The Autopsy Forensic Browser is a Web-based GUI for The Sleuth Kit.
FIRE
(Forensics and Incident Response Environment) is a bootable CD environment
and toolkit for use during forensics investigation of Win32, Linux, and Solaris
systems.
Foundstone's Forensics Toolkit includes a number of open source Win32 command line
utilities that unobtrusively gather evidence from NTFS partitions (e.g., file
last access times, hidden files, hidden alternate data streams).
FTimes
is an open source system baselining tool that can also be used for evidence
collection during forensics investigation on Win32 and *NIX systems.
MD5deep and comparable checksum-based file integrity tools can be used to compare
the aftermath of an attack to a previously recorded system snapshot. Because MD5
collisions are now practical, prefer the SHA-256 variant (sha256deep ships in the
same package) when the hashes may have to stand up to challenge.
Open Source Digital Forensics Analysis Tools is a comprehensive website of
links to bootable environments and to data acquisition, media management analysis,
file system analysis, and application analysis tools for Win32 and *NIX.
Partimage is an open source utility for saving *NIX partition images. Note that it
copies only the blocks the file system marks as in use, so it is not a bit-for-bit
copy: deleted data in unallocated space is not preserved. Creating verifiable
disk images for reference is essential to any incident investigation, should be
done before touching anything on a compromised system, and for evidence should
be a full bit-for-bit copy whose hash is recorded alongside it.
RDA
(Remote Data Acquisition) is an open source Linux utility that can be used
to acquire a checksummed disk or partition image over a network.
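The imaging step that Partimage and RDA automate is worth spelling out, because the verification is what makes the image usable as evidence. The script below is an added example (not code from the original page, from Partimage or from RDA): it copies a source bit for bit with dd, hashes source and copy, records the hash beside the image, and re-checks it later; the source here is a constructed file standing in for a block device, and the function names acquire_image, verify_image and send_image are my own. Against a real device, run it as root only through a write blocker or with the device mounted read-only (or not at all).

```shell
#!/bin/sh
# Added example: verifiable raw disk imaging with dd, plus the pipeline for
# shipping the image over a network; not code from Partimage or RDA.
set -eu

# SHA-256 of a file or block device. GNU sha256sum assumed; use "shasum -a 256"
# on BSD/macOS.
sha256_of() { sha256sum "$1" | cut -d' ' -f1; }

# acquire_image SOURCE IMAGE
# Bit-for-bit copy of SOURCE (a device node, or a file standing in for one).
# bs=512 matches the sector size: conv=noerror,sync then zero-fills only
# unreadable sectors and never pads a trailing partial block, which a large bs
# would do and which would make the image hash differ from the source. dd's
# records in/out summary is left on stderr as part of the acquisition record.
# Source and image are hashed, the hash is written to IMAGE.sha256, and the
# function fails if they differ. Prints the hash on success.
acquire_image() {
    src=$1; img=$2
    dd if="$src" of="$img" bs=512 conv=noerror,sync
    src_hash=$(sha256_of "$src")
    img_hash=$(sha256_of "$img")
    if [ "$src_hash" != "$img_hash" ]; then
        echo "acquire_image: image hash $img_hash does not match source $src_hash" >&2
        return 1
    fi
    printf '%s  %s\n' "$img_hash" "$img" > "$img.sha256"
    echo "$img_hash"
}

# verify_image IMAGE
# Recompute IMAGE's hash and compare it with the value recorded at acquisition.
# Run it before every analysis session; a mismatch means the evidence copy was
# altered. Analyse a working copy, never the reference image itself.
verify_image() {
    recorded=$(cut -d' ' -f1 "$1.sha256")
    [ "$recorded" = "$(sha256_of "$1")" ]
}

# send_image SOURCE HOST PORT
# Network acquisition in the RDA style: stream the raw copy to a collection
# host running "nc -l PORT > image.dd" (or "nc -l -p PORT" with the traditional
# netcat), which then checks the received file against the hash printed here.
# Not exercised by the demo below.
send_image() {
    dd if="$1" bs=512 conv=noerror,sync | nc "$2" "$3"
    sha256_of "$1"
}

# Demonstration on a constructed 64 KiB "device" (random data, not evidence).
demo() {
    t=$(mktemp -d)
    dd if=/dev/urandom of="$t/sdb" bs=512 count=128 2>/dev/null
    echo "acquired: $(acquire_image "$t/sdb" "$t/sdb.dd")"
    verify_image "$t/sdb.dd" && echo "verify before tampering: ok"
    printf 'x' >> "$t/sdb.dd"               # simulate an altered image
    verify_image "$t/sdb.dd" || echo "verify after tampering: MISMATCH"
    rm -rf "$t"
}
demo
```

The hash of the source is taken after the copy so that a device which changes under you (a live system, a failing disk) shows up as a mismatch rather than as a silently inconsistent image; if you need a stronger record, hash the source once more after the image hash and keep all three values in your notes.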
The Coroner's Toolkit (TCT) is a popular group of open source tools for forensics
data collection on *NIX systems.