computer forensics
NETinfo 2008-10-10


NETinfo 2008-10-10 - PowerPoint PPT Presentation


PowerPoint Slideshow about ' NETinfo 2008-10-10' - bazyli



Computer forensics is simply the application of computer investigation and analysis techniques in the interests of determining potential legal evidence. Evidence might be sought in a wide range of computer crime or misuse, including but not limited to theft of trade secrets, theft of or destruction of intellectual property, and fraud.

Time-consuming

It helps to know what you are looking for

Linux distributions with a security focus

BackTrack

Helix

Operator

PHLAK

Auditor

L.A.S. Linux

Knoppix-STD

F.I.R.E.

  • Helix
  • Helix is a customized distribution of Ubuntu Linux. It focuses on incident response and computer forensics.
  • Maintainer: e-fense
  • OS: Linux, Windows, Solaris
  • Genre: Live CD
  • License: GPL, others
  • Website: e-fense.com/helix/

Helix, Bootable Linux

Adepto, Imaging program utilizing dcfldd

Autopsy and Sleuthkit, forensic file system investigation

Scalpel, data carving from image files

ClamAV, antivirus program

Ubuntu-based (previously Knoppix), uses GNOME


Helix, Windows Live

Access PassView

IECookiesView

IEHistoryView

MessenPass

Network Password Recovery

PC On/Off Time

Process Explorer

Rootkit Revealer

WFT (The Windows Forensic Toolchest)


WFT

The Windows Forensic Toolchest™ (WFT) is designed to provide a structured and repeatable automated Live Forensic Response, Incident Response, or Audit on a Windows system while collecting security-relevant information from the system.

WFT is essentially a forensically enhanced batch processing shell capable of running other security tools and producing HTML based reports in a forensically sound manner.

http://www.foolmoon.net/security/wft/


WFT features

Generation Of Both Raw Text And HTML Reports

User-Editable Config File Controls Execution

Ability To Run Locally, Via CD/DVD, Or Thumb Drive

Configurable Toolpath

Macros Which Expand Dynamically Based On Run-Time Values

Detailed Run-Time Logging

Verification Of All Executed Tools

Detailed Hashing Of Output

Support For MD5 Hash

Support For SHA1 Hash

Ability To Verify WFT Config Files

Automatic Updating Of WFT Hash Values For Tools

WFT's Interactive Mode Provides Command-Line Alternative

Ability To Run SysInternals Tools Without ‘-accepteula’

Color Output Highlights Important Info

Automatic OS & Drive Detection

Ability To Run Commands Based On Run-Time OS

Ability To Fetch 3rd-Party Tools

http://www.foolmoon.net/downloads/Live_Forensics_Using_WFT.pdf
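
The tool verification and output hashing listed among the features above can be sketched as follows. This is an added Python illustration, not WFT's own code or config format; the function names, the use of the Python interpreter as a stand-in for a response tool, and the constructed output are assumptions.

```python
import hashlib
import subprocess
import sys
import tempfile
from pathlib import Path

def file_hashes(path):
    """Return (md5, sha1) hex digests of a file, read in chunks."""
    # MD5 and SHA1 are the two hashes the slide lists; both have known
    # collision attacks, so new tooling should record SHA-256 as well.
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            md5.update(chunk)
            sha1.update(chunk)
    return md5.hexdigest(), sha1.hexdigest()

def run_verified(tool, args, expected_sha1, out_path, log):
    """Run `tool` only if its SHA1 matches the recorded value, save its
    stdout to out_path, and log the hashes of that output."""
    actual = file_hashes(tool)[1]
    if actual != expected_sha1:
        log.append(("REFUSED", str(tool), actual))  # tool changed on disk
        return None
    proc = subprocess.run([str(tool), *args], capture_output=True, check=False)
    Path(out_path).write_bytes(proc.stdout)
    digests = file_hashes(out_path)
    log.append(("RAN", str(tool), proc.returncode, str(out_path), *digests))
    return digests

def demo():
    """Constructed run: the Python interpreter stands in for a response tool."""
    tool = sys.executable
    args = ["-c", "import sys; sys.stdout.buffer.write(b'constructed output')"]
    known_good = file_hashes(tool)[1]  # hash recorded when the kit was built
    log = []
    with tempfile.TemporaryDirectory() as tmp:
        ok = run_verified(tool, args, known_good, Path(tmp) / "out.txt", log)
        bad = run_verified(tool, args, "0" * 40, Path(tmp) / "bad.txt", log)
        bad_written = (Path(tmp) / "bad.txt").exists()
    return ok, bad, bad_written, log

if __name__ == "__main__":
    for entry in demo()[3]:
        print(entry)
```

The second call in `demo()` passes a deliberately wrong hash, so the tool is refused and no output file is written; the log keeps the hash that was actually observed.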

Tip for Windows users!

Get the Ubuntu 8.04 Live CD

Can both read and write to NTFS partitions
