5319780 2000-08-01 21:58 /42 rader/ Brevbäraren (som är implementerad i) Python Mottagare: Bugtraq (import) <11993> Markerad av 1 person. Ärende: Dan & Wietse's Forensics Tools released ------------------------------------------------------------ From: Wietse Venema <wietse@PORCUPINE.ORG> To: BUGTRAQ@SECURITYFOCUS.COM Message-ID: <20000801121045.1BC2B440DC@hades.porcupine.org> It is with great relief that we announce the first official release of the Coroner's Toolkit software, also called TCT. TCT is a collection of programs that can be used for a post-mortem analysis of a UNIX system after break-in. The software was presented first during a free Computer Forensics Analysis class that we gave one year ago (almost to the day). Notable TCT components are the grave-robber tool that captures information, the ils and mactime tools that display access patterns of files dead or alive, the unrm and lazarus tools that recover deleted files, and the keyfind tool that recovers cryptographic keys from a running process or from files. To set your expectations, the TCT software is not for the faint of heart. It is relatively unpolished compared to the software that we usually release. TCT can spend a lot of time collecting data. And although TCT collects lots of data, many analysis tools still need to be written. Nevertheless TCT sure beats the competition, which is non-existent, and beats them at the right price, too. TCT runs on recent versions of SUN Solaris, FreeBSD, RedHat Linux, BSD/OS, OpenBSD, and even runs on SunOS 4.x. It requires perl 5.004 or later, although perl 5.000 is probably adequate if you are going to do the actual analysis on a different machine. TCT source code is available from the following places: http://www.porcupine.org/forensics/ http://www.fish.com/forensics/ ftp://tct.earthlink.net/pub/ Enjoy! Wietse Venema Dan Farmer (5319780) ------------------------------------------