
Thread: What detection tools are available?

  1. #1
    Junior Member
    Join Date
    Nov 2005
    Posts
    4

    What detection tools are available?

    Hi,

    I wasn't sure at the beginning where to post, and as a matter of fact I am still not sure!! Anyhow, if I am posting in the wrong section, I apologise.

    Now, my question is about what kind of tools are available that would help me identify before-and-after changes on my machine?! For example, I want to identify what kind of files and values are being created on my computer when I try to install new software.



    Thanks
    aak19

  2. #2
    Leftie Linux Lover the_JinX's Avatar
    Join Date
    Nov 2001
    Location
    Beverwijk Netherlands
    Posts
    2,534
    We'll need some more information here..

    Most importantly what operating system are you running..
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !

  3. #3
    Senior Member
    Join Date
    Oct 2003
    Posts
    394
    If you are using Windows, here you can find some progs that can help you monitor changes:
    http://www.sysinternals.com/
    and also SpyBot has a lot of tools (in advanced mode) that can be used for checking your system
    // too far away outside of limit

  4. #4
    Senior Member
    Join Date
    Mar 2004
    Posts
    557
    Hi

    Assuming some Windows derivatives, I suggest
    the classic pair:

    -> Sysinternals File monitor[1]
    -> Sysinternals Registry monitor[2]

    or the all-in-one solution by epsilonsquared[3].
    Have a look at this new tutorial[4] for some
    additional aspects.

    Linux: dnotify[5] / inotify[6] (?)

    Cheers.


    [1] http://www.sysinternals.com/Utilities/Filemon.html
    [2] http://www.sysinternals.com/Utilities/Regmon.html
    [3] http://www.epsilonsquared.com/
    [4] http://www.antionline.com/showthread...hreadid=272469
    [5] http://freshmeat.net/projects/dnotify/ (not performant)
    [6] http://www.edoceo.com/creo/inotify/
    [6a] http://www-128.ibm.com/developerwork...l-inotify.html
    If the only tool you have is a hammer, you tend to see every problem as a nail.
    (Abraham Maslow, Psychologist, 1908-70)

  5. #5
    Senior Member
    Join Date
    Oct 2003
    Posts
    394
    ..BTW... what monitoring tools mac has?
    // too far away outside of limit

  6. #6
    Junior Member
    Join Date
    Nov 2005
    Posts
    4
    Originally posted here by sec_ware
    Hi

    Assuming some Windows derivatives, I suggest
    the classic pair:

    -> Sysinternals File monitor[1]
    -> Sysinternals Registry monitor[2]

    or the all-in-one solution by epsilonsquared[3].
    Have a look at this new tutorial[4] for some
    additional aspects.

    Linux: dnotify[5] / inotify[6] (?)

    Cheers.


    [1] http://www.sysinternals.com/Utilities/Filemon.html
    [2] http://www.sysinternals.com/Utilities/Regmon.html
    [3] http://www.epsilonsquared.com/
    [4] http://www.antionline.com/showthread...hreadid=272469
    [5] http://freshmeat.net/projects/dnotify/ (not performant)
    [6] http://www.edoceo.com/creo/inotify/
    [6a] http://www-128.ibm.com/developerwork...l-inotify.html
    Thank you all for helping! My question was regarding Windows operating system, and to be precise XP.

    The Sysinternals tools (i.e. the file and registry monitoring tools) are excellent! However, what I am concerned about now is that those utilities work in real time, which means dozens if not hundreds of entries are scrolling up and down the screen rapidly, which is somewhat confusing when trying to know what is what. But this is going to do fine, as I was just introduced to such tools; I have to research these utilities to try and reverse installations, to learn installation paths, files added, and new or altered records etc. once a specific program is installed!

    Any advice or comments are most welcome!!



    Thanks
    aak19

  7. #7
    Computer Forensics
    Join Date
    Jul 2001
    Posts
    672
    Try Inctrl5. It's better than Regmon and Filemon for Windows. Much more comprehensive, although I think you have to pay for it now..
    Antionline in a nutshell
    "You're putting the fate of the world in the hands of a bunch of idiots I wouldn't trust with a potato gun"

    Trust your Technolust

  8. #8
    Banned
    Join Date
    Aug 2004
    Posts
    534
    http://www.tripwire.com/kb/view.cfm?aid=62

    Tripwire looks for these changes by monitoring key attributes of files that should not change, including binary signatures, size, expected changes in size, etc. - and reporting its findings.

    AND TO PREVENT

    http://www.faronics.com/html/deepfreeze.asp

    Absolute Protection

    * Guarantees 100% workstation recovery on restart
    * Provides password protection and complete security
    * Protects multiple hard drives and partitions
    * Protects CMOS
    * Protects master boot record

    Integration and Compatibility

    * Supports multiple hard drives and partitions
    * Supports multi-boot environments
    * Compatible with Fast User Switching
    * Supports SCSI, ATA, SATA, and IDE hard drives
    * Offers single install for Windows 95, 98, ME, 2000, XP

  9. #9
    Senior Member
    Join Date
    Oct 2003
    Posts
    394
    You can also use filters in the settings to choose what you want to monitor.

    // too far away outside of limit

  10. #10
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    LOL. How interesting that people are asking for this just after I posted a tut...

    Go download Install Watch Pro. It's free and acts like a tape recorder on your system. Once you install software, you get a nice report back that shows all changes and activities the installation performed.

    http://www.epsilonsquared.com/installwatch.htm



    Mr. Babis, visit the BSD forums. There are numerous toolz available for Macs.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
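The baseline-and-compare approach behind the tools recommended in posts #8 (Tripwire's attribute monitoring) and #10 (InstallWatch's before/after report), shown as an added example that is not any poster's tool or code: snapshot a directory tree before an install, snapshot again afterwards, and diff the two by size and SHA-256. The directory layout and the simulated "install" are constructed here; the registry half of what Regmon/InstallWatch record is not covered.

```python
"""Baseline-and-compare file integrity check (added example, constructed scenario)."""
import hashlib
import tempfile
from pathlib import Path


def snapshot(root):
    """Record (size, SHA-256) of every regular file under root, keyed by POSIX-style relative path."""
    snap = {}
    for path in Path(root).rglob("*"):
        if path.is_file():
            data = path.read_bytes()
            snap[path.relative_to(root).as_posix()] = (len(data), hashlib.sha256(data).hexdigest())
    return snap


def diff_snapshots(before, after):
    """Return added, removed and modified paths; 'modified' means size or hash changed."""
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    # Same size but different hash still counts as modified: size alone misses in-place patches.
    modified = sorted(p for p in before.keys() & after.keys() if before[p] != after[p])
    return {"added": added, "removed": removed, "modified": modified}


def demo():
    """Constructed scenario: baseline a fake 'system' tree, run a fake install, compare."""
    with tempfile.TemporaryDirectory() as root:
        r = Path(root)
        (r / "system32").mkdir()
        (r / "system32" / "kernel.dll").write_bytes(b"original library")
        (r / "config.ini").write_text("setting=1")
        before = snapshot(root)
        # The 'install': drops a new binary, replaces an existing one with a
        # same-length file (size unchanged, hash changed), and deletes a config file.
        (r / "newapp.exe").write_bytes(b"installer payload")
        (r / "system32" / "kernel.dll").write_bytes(b"replaced library")
        (r / "config.ini").unlink()
        after = snapshot(root)
        return diff_snapshots(before, after)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

Running it prints one line per category; in a real baseline the snapshot would be written to disk before the install and reloaded afterwards instead of kept in memory.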
