What would people recommend for an Information Security Forensic Toolkit?
Something that does the following:
A software utility that would protect the subject computer system during
the forensic examination from any possible alteration, damage, data
corruption, or virus introduction.
A software utility that would discover all files on the subject system.
This includes existing normal files, deleted yet remaining files, hidden
files, password-protected files, and encrypted files.
Another utility that would recover all (or as much as possible) of
discovered deleted files.
A data viewer that would reveal (to the extent possible) the contents of
hidden files as well as temporary or swap files used by both the
application programs and the operating system.
A report utility that would produce the number of accesses, etc., and (if
possible and if legally appropriate) the contents of protected or encrypted files.
An analysis utility that would analyze all possibly relevant data found in
special (and typically inaccessible) areas of a disk. This includes but is
not limited to what is called 'unallocated' space on a disk (currently
unused, but possibly the repository of previous data that is relevant
evidence), as well as 'slack' space in a file (the remnant area at the end
of a file, in the last assigned disk cluster, that is unused by current
file data, but once again may be a possible site for previously created and
relevant evidence).
A report utility that would print out an overall analysis in some sort of
pre-defined format.
If someone were developing this type of tool for the InfoSec community,
would this type of tool be of much interest on either the Linux or the
Windows platform (i.e. Windows 9x, NT, 2k)?
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]