neilgeol.niu.edu wrote:

> "Meritt James" <meritt_jamesbah.com> wrote in response to me:
>
> [ ... Kit of tools on a CD-ROM ... ]
>
> >REAL good suggestion! Any specific recommendations as to what should be
> >on the CD?
>
> Thanks! I think I picked up the idea from someone on this list, as a
> matter of fact. I wish I could remember who.

Carv perhaps??

He teaches forensics and other post-mortem courses, and features such
a disk that I seem to recall him mentioneing here.

Aside from that, it is a fairly obvious idea -- if you have to run
code in a compromised environment (not necessarily a good idea to do
extensively if you are doing forensics work) then obviously you must
not trust anything already on the machine. (Of course, at some level
the tools on the CD are "trusting" the various APIs, etc to be
returning true results and as anyone who has failed to adequately
handle a box with a rootkit installed will tell you, that is not a
clever idea...).

Regards,

Nick FitzGerald

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]