Appendix E: On the CD-ROM


The following forensic tools, demos, and presentations are included on the accompanying CD-ROM.

Please visit the Web sites for exact system requirements, FAQs, updates, ordering information, licenses and links to other tools and sources. The information contained on the CD-ROM is the property of the respective developers. It may not be distributed without their permission. Inquiries regarding the software contained on the CD-ROM should be directed to the developers of the products. In addition, please review the publisher’s disclaimer at the beginning of the book.

The Forensics Challenge Partition Images (also see case study in text)
http://project.honeynet.org/challenge/
Sponsored by the HoneyNet Project
http://project.honeynet.org/

Partition images from the Forensics Challenge: real disk images of compromised computers together with complete forensic analyses. The Forensic Challenge is an effort to allow incident handlers around the world to all look at the same data—an image reproduction of the same compromised system—and to see who can dig the most out of that system and communicate what they’ve found in a concise manner. This is a nonscientific study of tools, techniques, and procedures applied to post-compromise incident handling.

FW-1 Specific Network Intrusion Detector
Lance Spitzner
http://www.enteract.com/~lspitz/intrusion.html

This paper discusses how you can detect scans, probes, and unauthorized activity using your FW-1 firewall and a simple script, which I call alert.sh. This tool is written specifically for UNIX systems and has been tested with Linux, Solaris, and Nokia platforms and FW-1. There are two different versions of this script you can download. If you are running FW-1 version 4.1 or below, you want to download and use alert.sh ver 1.4.5. If you are running FW-1 NG (Next Generation), you want to download and use alert.sh ver 2.1.1.

RecoverNT v3.5
Recover98 v3.5
FILERECOVERYfor Windows v2.1
PHOTORECOVERY for Digital Media 1.5
LC Technology International, Inc.
28100 US Hwy 19 North, Suite 203
Clearwater, FL 3371
727-449-0891
http://www.lc-tech.com
info@lc-tech.com

Over 75 percent of data loss is accidental or caused by user error, and businesses today rely on their data for day-to-day operations more than ever. FILERECOVERY supports all current Microsoft operating systems. RecoverNT and Recover98 both support all current Microsoft operating systems. PhotoRecovery recovers deleted images from digital media and supports all current Microsoft operating systems.

Free Hex Editor v1.1
Raihan Kibria
http://www.kibria.de/frhed.html

Frhed (free hex editor) is a free binary file editor for all 32-bit Windows releases, like 95/98/Me/NT/2000/XP (it also runs under Win 3.11 with Win32s). It is open-sourced and comes with C++ source code. Features include search & replace for any combination of binary and text data, file comparison, bit manipulation, customizable display colors and font size, ANSI or OEM character set, cut & paste, bookmarking and more.

The Coroner’s Toolkit (TCT)
Dan Farmer and Wietse Venema
http://www.fish.com/tct/
http://www.porcupine.org/forensics/

TCT is a collection of programs for post-mortem analysis of a UNIX system after a break-in. Notable TCT components are the grave-robber tool that captures information, the ils and mactime tools that display access patterns of files, dead or alive, the unrm and lazarus tools that recover deleted files, and the findkey tool that recovers cryptographic keys from a running process or from files. The Coroner’s Toolkit is designed to assist in a forensic examination of a computer. It is primarily designed for Unix systems, but it can perform a small amount of data collection and analysis on non-Unix disks and media.

WinHex 10.45
X-Ways Software Technology AG
Carl-Diem-Str. 32
32257 Bünde
Germany
http://www.x-ways.com

An advanced tool for everyday and emergency use: Inspect or repair all kinds of files, recover deleted files or lost data from corrupt hard drives or digital camera cards. This hex editor grants access to data other programs hide from you.

Protect2000 Security Suite (Product Presentation)
Computer Security Products Inc.
5770 Hurontario Street, Suite 700
Mississauga, Ontario L5R 3G5
905-568-8900
http://www.TandemSecurity.com

Protect2000 uses sophisticated modeling techniques to define and manage network-wide security policy on Compaq NonStop Himalaya Servers. Protect2000 includes Auditview for Windows (a Safeguard audit reporting tool), Alert-plus, and Tandem Security Analyzer (TSA, security review and recommendations), all bundled into the Protect2000 interface, which itself handles user, policy, and object management.

TCPurify 0.9.6
Ethan Blanton
http://irg.cs.ohiou.edu/~eblanton/index.html

TCPurify is a packet sniffer/capture program similar to tcpdump, but with much reduced functionality. What sets TCPurify apart from other, similar programs is its focus on privacy. TCPurify is designed from the ground up to protect the privacy of users on the sniffed network as much as possible.

Mazu Enforcer (Product Presentation)
Mazu Networks
125 CambridgePark Drive
Sixth Floor
Cambridge, MA 02140
Ph: 617.354.9292
Fax: 617.354.9272
http://www.mazunetworks.com

This dynamic video demonstration shows the Mazu Enforcer in action, from a user’s perspective, as it is used for DDoS attack detection, mitigation, and detailed traffic analysis. The screens show the Enforcer’s own graphical user interface, used for management, administration, and configuration of the Mazu Enforcer.

Computer Forensics: Computer Crime Scene Investigation (With CD-ROM) (Networking Series)
ISBN: 1584500182
Year: 2002
Pages: 263
Authors: John R. Vacca