| Fire Forensics CD |
FIRE is a portable, bootable CD-ROM-based distribution with the goal of providing an immediate environment to perform forensic analysis, incident response, data recovery, virus scanning and vulnerability assessment. This is a living project and might b |
785 |
| Forensic analysis of a live linux system (part 1) |
This article series explains some of the methodologies for analysing a running Linux system properly, including the building of a toolbox for the job. |
736 |
| Forensic analysis of a live linux system (part 2) |
This article series explains some of the methodologies for analysing a running Linux system properly, including the building of a toolbox for the job. |
612 |
| Honeynet Project |
The Honeynet Project aims to discover the ways blackhats intrude into systems, including the tools used and the tactics followed after gaining a foothold on a system. This information is then shared with the community so that better defenses can be invented. They also |
498 |
| IDS logs in forensic analysis |
This article shows how valuable IDS logs can be in analyzing a break-in. Alan Neville shows the reader how to dissect Snort logs with tcpdump and Ethereal. A good read if you want some detailed commentary on the packet dumps. |
509 |
| Incident and forensics articles |
SecurityFocus keeps all incident-related articles in one place for easy reading. The areas range from forensics to incident response, and there are also entertaining stories related to these. There are some good articles in there; I recommend reading these if |
578 |
| Incident response tools for unix (part 1) |
This is a three-part series on tools that can be used on Unix-based systems when doing incident response and forensics investigations. It covers tools for OpenBSD, Solaris and Linux-based systems. It also explains what these tools can be used for with |
506 |
| Incident response tools for unix (part 2) |
This is a three-part series on tools that can be used on Unix-based systems when doing incident response and forensics investigations. It covers tools for OpenBSD, Solaris and Linux-based systems. It also explains what these tools can be used for with |
487 |
| The coroner's toolkit in depth |
This is a nice paper that explains how to use the tools in TCT efficiently for forensics purposes. The grave-robber part could be used to collect volatile data while the machine is up and non-volatile data after it has been brought down, the other to |
516 |
| Using dd over the network |
This HowTo explains how you can copy the entire contents of a PC over the network, in case you do not have big enough removable media or it is not feasible to remove the original HDD from the machine. It is quite a straightforward paper. |
509 |