Re: complete forensics suite for linux?

Author: Bryan.ONeal@asu.edu
Date:  
To: plug-discuss
Subject: Re: complete forensics suite for linux?
When you say forensics suite, are you looking for something that will extract
deleted files, or something that will guide you through system snooping, or
something that will automatically produce an admissible custody trail that is
court trusted? The first is about getting your information, the second someone
else’s, the third is only for law enforcement.

There are a number of good packages for the first, a few for the second (though
I always felt like working on one), and I do not know any Linux solutions for
the third, though computer forensics is a big deal, particularly for the IRS.
(What do you want, I’m an accountant ;)



Quoting "der.hans" <>:

> On 19 Apr 2005, Technomage chattered thus:
>
> > google is feeding me pages and pages and pages of mostly windows (sic) stuff.
> > anyone happen to know a few good places for a linux based forensics suite
> > similar to the capabilities of Encase (tm)?
>
> Don't know Encase, but http://www.linux-forensics.com/ ( local project )
> and http://www.knoppix-std.org/ are bootable distros specializing in
> security and forensics.
>
> There's also the Coroner's Toolkit from Dan Farmer and Wietse Venema.
>
> http://www.porcupine.org/forensics/
>
> Here are some links I ran into while looking for CTK.
>
> http://staff.washington.edu/dittrich/misc/forensics/
>
> http://www.opensourceforensics.org/tools/unix.html
>
> I'm interested in finding out which tools will help in recovering deleted
> files on an ext3 filesystem.
>
> ciao,
>
> der.hans
> -- 
> #  https://www.LuftHans.com/    http://www.AZOTO.org/
> #  I chose to use the kernel sources as my documentation.  ;-)
> #  -- Kevin Buettner
> ---------------------------------------------------
> PLUG-discuss mailing list - 
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
