Hey, I'm doing a project for my Cisco class and I was wondering if any of you guys knew of some computer forensics software that I could research and get some information on.
Don't know if you would find it useful, but try the Forensic Toolkit:
http://www.accessdata.com/ftkuser/
Else you could take a look at EnCase, but it is very expensive to buy :(
http://www.guidancesoftware.com/support/downloads.shtm
It is the most popular forensic tool though :)
This is a little more advanced but you could download this ISO image, use it to create a Linux boot CD that has a ton of forensics tools on it and boot it up on the system you want to analyze.
It's called Helix and is based off the Knoppix build. Check out here http://www.e-fense.com/helix/
All you do is download this image, burn it to CD, boot the CD up on the system you want to analyze, mount the local file system (mount /dev/hda1 /mnt/hda1), and use the tools.
If you need to transfer files from it to another location, just hook up an external drive (USB, etc.) that has a FAT/FAT32 partition on it and save stuff to it.
Hope this helped more than confused.
You could also try using KNOPPIX STD (Security Tools Distribution).
Hmmm, didn't I start a thread for requesting tools from people? Look deeper in this forum, silent-mage...
silent-mage wrote:
"....software that i could research and get some information on".
Answer:
The Coroner's Toolkit; you can locate the information here:
http://www.fish.com/tct/
I am really surprised no one mentioned www.foundstone.com for forensic software.
http://www.ultimatebootcd.com/ UBCD has INSERT as well, if you download that ISO. Very similar to many of the others mentioned, Knoppix, etc. The only commercial app I am familiar with is EnCase from Guidance... been around for years, has a decent following in the Law Enforcement/Government sectors.
Link to insert => http://www.inside-security.de/insert_en.html