Computer forensics

NETinfo 2008-10-10 - PowerPoint PPT Presentation


Computer forensics is simply the application of computer investigation and analysis techniques in the interests of determining potential legal evidence. Evidence might be sought in a wide range of computer crime or misuse, including but not limited to theft of trade secrets, theft of or destruction of intellectual property, and fraud.


It helps if you know what you are looking for

Linux distributions with a focus on security






L.A.S. Linux




  • Helix

  • Helix is a customized distribution of Ubuntu Linux. It focuses on incident response and computer forensics.

  • Maintainer: e-fense

  • OS: Linux, Windows, Solaris

  • Genre: Live CD

  • License: GPL, others

  • Website:


Helix, Bootable Linux

Adepto, Imaging program utilizing dcfldd

Autopsy and Sleuthkit, forensic file system investigation

Scalpel, data carving from image files

Clamav, Anti-Virus program

Ubuntu-based (previously Knoppix), uses GNOME


Helix, Windows Live

Access PassView




Network Password Recovery

PC On/Off Time

Process Explorer

Rootkit Revealer

WFT (The Windows Forensic Toolchest)



The Windows Forensic Toolchest™ (WFT) is designed to provide a structured and repeatable automated Live Forensic Response, Incident Response, or Audit on a Windows system while collecting security-relevant information from the system.

WFT is essentially a forensically enhanced batch processing shell capable of running other security tools and producing HTML based reports in a forensically sound manner.


WFT features

Generation Of Both Raw Text And HTML Reports

User-Editable Config File Controls Execution

Ability To Run Locally, Via CD/DVD, Or Thumb Drive

Configurable Toolpath

Macros Which Expand Dynamically Based On Run-Time Values

Detailed Run-Time Logging

Verification Of All Executed Tools

Detailed Hashing Of Output

Support For MD5 Hash

Support For SHA1 Hash

Ability To Verify WFT Config Files

Automatic Updating Of WFT Hash Values For Tools

WFT's Interactive Mode Provides Command-Line Alternative

Ability To Run SysInternals Tools Without ‘-accepteula’

Color Output Highlights Important Info

Automatic OS & Drive Detection

Ability To Run Commands Based On Run-Time OS

Ability To Fetch 3rd-Party Tools
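
The pattern behind several of the features listed above (verification of executed tools, MD5 and SHA1 hashing of output, run-time logging), as an added Python example; it is not WFT code and does not use WFT's config format. The function names, record fields and log line layout are assumptions, and the Python interpreter stands in for a collection tool.

```python
import hashlib
import subprocess
import sys
from datetime import datetime, timezone

def file_digest(path, algo):
    """Hash a file in chunks so large tool binaries are not read into memory at once."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def run_verified(tool_path, args, expected_sha1, log):
    """Run tool_path only if its SHA1 matches the recorded value, then hash its output.

    Returns a record dict, or None when the tool fails verification.
    The record fields and log layout are assumptions made for this example.
    """
    stamp = datetime.now(timezone.utc).isoformat()
    actual = file_digest(tool_path, "sha1")
    if actual != expected_sha1.lower():
        # A modified or substituted tool is never executed; the mismatch is logged.
        log.append(f"{stamp} REFUSED {tool_path} sha1={actual} expected={expected_sha1}")
        return None
    proc = subprocess.run([tool_path, *args], capture_output=True, check=False)
    record = {
        "tool": tool_path,
        "tool_sha1": actual,
        "exit_code": proc.returncode,
        "output": proc.stdout,
        # Both digests of the raw output let a later reader detect any change to it.
        "output_md5": hashlib.md5(proc.stdout).hexdigest(),
        "output_sha1": hashlib.sha1(proc.stdout).hexdigest(),
    }
    log.append(f"{stamp} RAN {tool_path} exit={proc.returncode} "
               f"md5={record['output_md5']} sha1={record['output_sha1']}")
    return record

if __name__ == "__main__":
    # Constructed demo: the Python interpreter stands in for a collection tool.
    log = []
    known_good = file_digest(sys.executable, "sha1")  # normally recorded in advance on trusted media
    run_verified(sys.executable, ["-c", "print('constructed sample output')"], known_good, log)
    run_verified(sys.executable, ["-c", "print('never runs')"], "0" * 40, log)
    print("\n".join(log))
```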

Tip for Windows users!

Get the Ubuntu 8.04 Live CD

It can both read from and write to NTFS partitions