Thread: Tool list suggestions

  1. #1
    Senior Member IKnowNot's Avatar
    Join Date
    Jan 2003
    Posts
    792

    Question Tool list suggestions

    Someone ( a typical home computer user ) has contacted me concerning a problem with their computer. It is possible that it is a spoofing incident, but the circumstances indicate strongly it is some type of Trojan / backdoor.

    ( I can’t / won’t be more specific at this time )

    Over the phone I guided them through updating their anti-virus software ( found nothing ), installing a firewall ( Zone-Alarm ) and downloading and installing Ad-Aware ( found an excess of 450 items which were removed! ) and directed them toward the thread How to Lock Down Your WinXP Box...
    which I was told they did. Also I was told that they have kept up with Microsoft updates.

    I scanned their ports over the net. ( They have a cable modem w/router, found nothing unusual, but I was scanning the router, I believe it is a Linksys. )

    The problem still persists.

    At this time I am just going to try to identify the problem, am not foreseeing I will need forensic evidence for a court, and so I believe I should start by NOT disconnecting from the net to have them bring the machine to me.

    Looks like a Road Trip!!

    My question is, what tools should I bring with me. So far I have decided on SuperScan 3.0 and Fport both from http://www.foundstone.com

    Any other suggestions??
    " And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes

  2. #2
    You could also try Advanced Administrative Tools, at this time you can download a trial version of it. You can download it here: www.glocksoft.com/aatools.htm . It's a very useful tool as it has almost everything from whois, proxy analyzer, email verifier, link verifier and all kinds of other cool stuff. Good luck, I'm at work right now but when I get home later on I'll get you some more programs that you could use.
    "Imagine a school with children that can read and write, but with teachers who cannot, and you have a metaphor of the Information Age in which we live." — Peter Cochrane

  3. #3
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    PsTools kit from sysinternals.com

    I'd like to give you more information but I'm afraid I can't/won't at this time (it's got a readme anyway)
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  4. #4
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,840
    www.atstake.com/research/tools/Network_utilities is a site full of cool tools, also it gives you links to other sites with tools I believe. A very good site which I use myself is: http://neworder.box.sk try them out, GOOD LUCK

  5. #5
    Don't forget the basics. If he/she's been hacked, you can't truly rely on the basic MS utils that come with the OS. They could have been compromised.
    "Death is more universal than life; everyone dies but not everyone lives."
    A. Sachs
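
One way to act on the advice in post #5, as an added example that is not part of the original thread: record SHA-256 hashes of the built-in utilities on a known-good install, then compare the copies on the suspect machine against that manifest. The function names, the utility names and the throwaway directories in `demo()` are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path, chunk=1 << 16):
    """Hash a file in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(clean_dir, names):
    """On a known-good install: record name -> SHA-256 for each utility."""
    return {n: sha256_file(Path(clean_dir) / n) for n in names}

def verify(suspect_dir, manifest):
    """On the suspect machine: classify each utility as ok / modified / missing."""
    result = {}
    for name, expected in manifest.items():
        path = Path(suspect_dir) / name
        if not path.is_file():
            result[name] = "missing"
        elif sha256_file(path) != expected:
            result[name] = "modified"
        else:
            result[name] = "ok"
    return result

def demo():
    """Constructed sample: two temp directories stand in for the clean
    and the suspect system folders; file contents are placeholders."""
    names = ["netstat.exe", "tasklist.exe", "ipconfig.exe"]
    with tempfile.TemporaryDirectory() as clean, \
         tempfile.TemporaryDirectory() as suspect:
        for name, data in zip(names, (b"A", b"B", b"C")):
            (Path(clean) / name).write_bytes(data)
        manifest = build_manifest(clean, names)
        (Path(suspect) / "netstat.exe").write_bytes(b"A")           # untouched
        (Path(suspect) / "tasklist.exe").write_bytes(b"B-patched")  # replaced
        # ipconfig.exe is deliberately absent from the suspect folder
        return verify(suspect, manifest)

if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name:15} {status}")
```

The manifest has to come from an install of the same OS version and patch level, and the check itself should run from trusted media rather than from the suspect system's own copies.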

  6. #6
    Junior Member
    Join Date
    Aug 2003
    Posts
    11
    I would recommend using AccessData's FTK (Forensic Toolkit) at http://www.accessdata.com/Product04_...?ProductNum=04 which is expensive, but cheaper than their competitor. I purchased the Ultimate toolkit and a week long training course on the product. It's awesome.

  7. #7
    Senior Member IKnowNot's Avatar
    Join Date
    Jan 2003
    Posts
    792
    Thanks for the advice, here’s an update.

    Due to scheduling problems I could not get together with her to check the computer myself.

    Here is what was happening; she was receiving e-mails sent from her own cable account to her AOL account which contained pictures and documents from her computer! She even received them after she updated her anti-virus software, installed firewall, etc.

    I also began noticing reported attacks starting to show up from her cable address on Dshield.

    I sent her an e-mail with the links to Trojan Remover and The Cleaner but that e-mail disappeared!

    I contacted her after not hearing a reply for a few days, resent the e-mail, she checked the system using the above programs and found nothing. But the e-mails, etc. seemed to have stopped ( for now )

    I’m hoping the hacker read the e-mail and cleaned the system themselves to cover their tracks. She has also been advised to change all passwords, etc.

    Crossing my fingers on this one.
    " And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes
