From: Matthew.Brownpredictive.com
Date: Sun Mar 17 2002 - 19:17:17 CST

    Folks

            I'd like to create a list of resources to respond to future
    inquiries on this list. I will maintain this list to keep from adding to
    the moderator's existing workload. I suggest listing tools and services
    in the following areas. I've added a few to get us started below my
    signature block.

            This might also help in determining a scope for forensics labs and
    field kits. Many tools have moved through this list and it is a shame we
    haven't been keeping track of them. There are plenty of web sites, but I
    think with the expertise we have on this list, we could also provide some
    feedback on these tools once a list has been compiled. Feedback and
    participation are welcome.

    Thanks,
    Matthew Brown, CISSP
    Principal Consultant

    Sandbox tools (To Trap):
            snort
            trafshow
            ethereal
            tcpdump
            nmap

    IDS (To Detect): (These are the tools that create the evidence we end up
    examining during incidents, after all)
            Cisco Host Based
            VigilEnt Security Agents
            Dragon
            Network Flight Recorder
            snort
            RealSecure
            Netranger
            Netprowler
            BlackIce
            Intruder Alert

    Evidence Capturing - Software:
            EnCase (www.GuidanceSoftware.com)
            dd (Comes with *nix)
            netcat (nc)

    Evidence Capturing - Hardware:
            ImageMaster Solo2 - Hardware duplicator
            F.R.E.D. and his brothers - Hardware

    Evidence Examination:
            Coroner's Toolkit (TCT)
            EnCase
            SATAN
            NTI

    Data Recovery:
            OnTrack's Easy Recovery
            Norton Utilities
            NTI

    Certifications - Organizations that certify in the areas of Digital
    Forensics, Incident Response, or Digital Investigations:
            HTCN
            SANS

    Training - Organizations that train in the areas of Digital Forensics,
    Incident Response, or Digital Investigations:
            SANS & SANSfire
            Guidance Software
            NTI

    -----------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management
    and tracking system please see: http://aris.securityfocus.com