FYI
------- Forwarded message follows -------
Date sent: Tue, 1 Aug 2000 08:10:45 -0400
Send reply to: Wietse Venema <[EMAIL PROTECTED]>
From: Wietse Venema <[EMAIL PROTECTED]>
Subject: Dan & Wietse's Forensics Tools released
To: [EMAIL PROTECTED]
It is with great relief that we announce the first official release of
the Coroner's Toolkit software, also called TCT.
TCT is a collection of programs that can be used for a post-mortem
analysis of a UNIX system after break-in. The software was
presented
first during a free Computer Forensics Analysis class that we gave
one
year ago (almost to the day).
Notable TCT components are the grave-robber tool that captures
information, the ils and mactime tools that display access patterns
of
files dead or alive, the unrm and lazarus tools that recover deleted
files, and the keyfind tool that recovers cryptographic keys from a
running process or from files.
To set your expectations, the TCT software is not for the faint of
heart. It is relatively unpolished compared to the software that we
usually release. TCT can spend a lot of time collecting data. And
although TCT collects lots of data, many analysis tools still need to
be written. Nevertheless TCT sure beats the competition, which is
non-existent, and beats them at the right price, too.
TCT runs on recent versions of SUN Solaris, FreeBSD, RedHat
Linux,
BSD/OS, OpenBSD, and even runs on SunOS 4.x. It requires perl
5.004 or
later, although perl 5.000 is probably adequate if you are going to do
the actual analysis on a different machine.
TCT source code is available from the following places:
http://www.porcupine.org/forensics/
http://www.fish.com/forensics/
ftp://tct.earthlink.net/pub/
Enjoy!
Wietse Venema
Dan Farmer
------- End of forwarded message -------
-
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
