November 15th, 2004, 07:26 PM
Hey, I'm doing a project for my Cisco class and I was wondering if any of you guys knew of some computer forensics software that I could research and get some information on.
November 15th, 2004, 11:28 PM
Don't know if you would find it useful, but try the forensic toolkit:
Else you could take a look at EnCase, but it is very expensive to buy.
It is the most popular forensic tool though.
November 16th, 2004, 06:12 AM
This is a little more advanced but you could download this ISO image, use it to create a Linux boot CD that has a ton of forensics tools on it and boot it up on the system you want to analyze.
It's called Helix and is based off the Knoppix build. Check out here http://www.e-fense.com/helix/
All you do is download this image, burn it to CD, boot the CD up on the system you want to analyze, mount the local file system (mount /dev/hda1 /mnt/hda1), and use the tools.
If you need to transfer files from it to another location just hook up an external drive (USB, etc.) that has a FAT/FAT32 partition on it and save stuff to it.
Hope this helped more than confuse.
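The transfer step described in the post above, as an added example that is not part of the original thread: copy chosen files from the mounted file system to the external drive and record a SHA-256 manifest so the copies can be re-checked later. The paths `/mnt/hda1` (assumed here to be mounted read-only with `mount -o ro /dev/hda1 /mnt/hda1`) and `/mnt/usb`, and the function names `collect` and `verify`, are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU coreutils sha256sum,
# evidence mounted read-only at /mnt/hda1, external FAT32 drive at /mnt/usb.

# collect SRC_ROOT DEST_DIR FILE...
# FILE paths are relative to SRC_ROOT. Each original is hashed before it is
# copied, and the hashes are written to DEST_DIR/manifest.sha256.
collect() {
    src_root=$1; dest=$2; shift 2
    mkdir -p "$dest" || return 1
    : > "$dest/manifest.sha256"
    for rel in "$@"; do
        [ -f "$src_root/$rel" ] || { echo "missing: $rel" >&2; return 1; }
        mkdir -p "$dest/$(dirname "$rel")" || return 1
        # Hash relative to the source root so the manifest is portable.
        ( cd "$src_root" && sha256sum "./$rel" ) >> "$dest/manifest.sha256" || return 1
        # Plain cp: FAT cannot store Unix ownership or permissions.
        cp "$src_root/$rel" "$dest/$rel" || return 1
    done
}

# verify DEST_DIR
# Re-hash the copies against the manifest; non-zero exit on any mismatch.
verify() {
    ( cd "$1" && sha256sum -c manifest.sha256 )
}

# Example use on the booted CD (assumed paths):
#   collect /mnt/hda1 /mnt/usb/case01 etc/passwd var/log/messages
#   verify /mnt/usb/case01
```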
November 16th, 2004, 02:17 PM
Computers do not have problems, they have users.
November 16th, 2004, 10:20 PM
hmmm didn't I start a thread for requesting tools from people? look deeper in this forum silent-mage...
Antionline in a nutshell
"You're putting the fate of the world in the hands of a bunch of idiots I wouldn't trust with a potato gun"
Trust your Technolust
December 30th, 2004, 07:17 PM
"....software that i could research and get some information on".
The Coroner's Toolkit, you can locate the information here:
December 30th, 2004, 07:29 PM
I am really surprised no one mentioned www.foundstone.com for forensic software.
December 30th, 2004, 07:48 PM
http://www.ultimatebootcd.com/ UBCD has INSERT as well, if you download that ISO. Very similar to many of the others mentioned, Knoppix, etc. The only commercial app I am familiar with is EnCase from Guidance... been around for years, has a decent following in the Law Enforcement/Government sectors.
Link to INSERT => http://www.inside-security.de/insert_en.html
"Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
"...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore
December 30th, 2004, 08:45 PM
I use USB memory keys to keep most of my 'tools' (and have one for Helix atm).
I'm curious as to which Linux forensic OS more people would recommend, between Helix and INSERT?