Joshua,

> I was able to copy some files over the network before I
> took the computer into custody. What tools are out there
> that can really be helpful in monitoring/forensics.
It really depends on what you want to do. As far as forensics goes, there have been some good recommendations, from EnCase and commercial tools to freeware such as TCT, Autopsy, and TASK.

If the system you're working with is Windows (NT/2K/XP), there are plenty of things you can do. You can collect a great deal of volatile information from the system (processes, ports, process-to-port mappings, etc.) with a wide variety of freeware tools. Grabbing that information and analyzing it can tell you what, if anything, is wrong with the system. Pslist, handle, and listdlls from SysInternals, fport from Foundstone and the native netstat can be used, and then procdmp.pl from http://patriot.net/~carvdawg can be used to consolidate the process information out into an HTML file (example output file: http://patriot.net/~carvdawg/pd.html).

HTH
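The consolidation step described in the reply (collect process and process-to-port output, then merge it into one HTML file) as an added example that is not the poster's procdmp.pl and not part of the original thread. It is a small Python script that parses pslist-style and fport-style text, joins the two on PID, flags inconsistencies a responder would want to review, and renders an HTML table. The sample tool output is constructed, and its column layout is an assumption about how those tools print; real output may differ in spacing and headers, so adjust the regexes to what you actually captured.

```python
"""Merge process-list and process-to-port output into one HTML review table."""
import html
import re

# Constructed sample output (assumed column layout; not captured from a real host).
PSLIST_OUTPUT = """\
Name                Pid Pri Thd  Hnd   Priv        CPU Time    Elapsed Time
Idle                  0   0   1    0      0     0:00:00.000     0:00:00.000
System                4   8  51  403      0     0:00:00.031     0:12:15.000
lsass               680   9  19  356   3752     0:00:00.171     0:12:12.000
svchost             960   8  20  387   3112     0:00:00.125     0:12:10.000
svchost            1084   8  14  120   1388     0:00:00.062     0:12:08.000
"""

FPORT_OUTPUT = """\
FPort v2.0 - TCP/IP Process to Port Mapper
Copyright 2000 by Foundstone, Inc.
http://www.foundstone.com

Pid   Process            Port  Proto Path
4     System         ->  445   TCP
680   lsass          ->  500   UDP   C:\\WINDOWS\\system32\\lsass.exe
960   svchost        ->  135   TCP   C:\\WINDOWS\\system32\\svchost.exe
1084  svchost        ->  1025  TCP   C:\\WINDOWS\\system32\\svchost.exe
1337  unknownproc    ->  4444  TCP   C:\\Temp\\unknownproc.exe
"""

# Name, Pid, then four more numeric columns (Pri, Thd, Hnd, Priv).
PSLIST_RE = re.compile(r"^(\S+)\s+(\d+)\s+\d+\s+\d+\s+\d+\s+\d+")
# Pid, Process, "->", Port, Proto, optional Path.
FPORT_RE = re.compile(r"^(\d+)\s+(\S+)\s+->\s+(\d+)\s+(TCP|UDP)\s*(.*?)\s*$")

# Heuristic only (assumption): system binaries are expected under this prefix.
TRUSTED_PREFIX = "c:\\windows\\"


def parse_pslist(text):
    """Return {pid: name} from pslist-style output; header lines do not match."""
    procs = {}
    for line in text.splitlines():
        m = PSLIST_RE.match(line)
        if m:
            procs[int(m.group(2))] = m.group(1)
    return procs


def parse_fport(text):
    """Return one dict per socket line from fport-style output."""
    records = []
    for line in text.splitlines():
        m = FPORT_RE.match(line)
        if m:
            records.append({
                "pid": int(m.group(1)),
                "process": m.group(2),
                "port": int(m.group(3)),
                "proto": m.group(4),
                "path": m.group(5),
            })
    return records


def correlate(procs, ports):
    """Join socket records to the process list and attach review flags."""
    rows = []
    for rec in sorted(ports, key=lambda r: (r["pid"], r["port"])):
        flags = []
        name = procs.get(rec["pid"])
        if name is None:
            # A PID that owns a socket but is absent from the process
            # listing is an inconsistency worth a closer look.
            flags.append("pid not in process list")
        elif name.lower() != rec["process"].lower():
            flags.append("name mismatch: pslist=%s" % name)
        if rec["path"] and not rec["path"].lower().startswith(TRUSTED_PREFIX):
            flags.append("binary outside Windows directory")
        rows.append(dict(rec, pslist_name=name or "", flags=flags))
    return rows


def render_html(rows):
    """Emit one HTML table; every field from the host is escaped, since the
    output of a possibly compromised system is untrusted input to the report."""
    out = ["<html><body><h1>Process/port summary</h1>",
           "<table border='1'><tr><th>PID</th><th>Process</th><th>Port</th>"
           "<th>Proto</th><th>Path</th><th>Flags</th></tr>"]
    for r in rows:
        cells = [r["pid"], r["process"], r["port"], r["proto"], r["path"],
                 "; ".join(r["flags"])]
        out.append("<tr>" + "".join(
            "<td>%s</td>" % html.escape(str(c)) for c in cells) + "</tr>")
    out.append("</table></body></html>")
    return "\n".join(out)


def build_report(pslist_text=PSLIST_OUTPUT, fport_text=FPORT_OUTPUT):
    """Parse both captures and return (rows, html_page)."""
    rows = correlate(parse_pslist(pslist_text), parse_fport(fport_text))
    return rows, render_html(rows)


if __name__ == "__main__":
    _, page = build_report()
    print(page)
```

Run the captured tool output through `build_report` with the two text files read from disk in place of the constructed constants; the flags column is where the review starts, and the HTML escaping is deliberate because process names and paths come straight from the machine under investigation.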