Re: Gathering volatile information

From: Russell Fulton (r.fultonauckland.ac.nz)
Date: Thu Apr 14 2005 - 03:01:59 CDT


On Wed, 2005-04-13 at 12:01 +0000, Bob the Builder wrote:

> In the Unix environment there seem to be various lists of bits and pieces
> but no really definitive list of commands related to gathering volatile
> information that you should and shouldn't run and what types of things they
> are likely to interfere with. Am I missing something here? Does just such a
> list exist and I'm just not looking in the right place, or is it about time
> someone set about writing one? I'm not talking about a religious argument on
> the merits of what stage a machine should be taken offline at, but more what
> the volatile data gathering options are that are available to you if, as an
> incident handler, you need them.

Have you had a look at "The Coroner's Toolkit":
http://www.porcupine.org/forensics/tct.html
