RE: [Full-Disclosure] Imaging Operating Systems

VMWare is a great way to go. You get a quarantined "guest" OS that you can 
restore by simply replacing a file. You can also take a "snapshot" of the OS 
and then just revert to that snapshot anytime you like. You can also set up a 
private LAN that is isolated to your test computer for multiple guest Oses - 
lets you watch how the applications want to communicate.

Baseline system -> Snapshot -> Do Bad Thing -> Rebaseline -> Revert to snapshot 
and Compare baselines -> Repeat as needed

- Tom Chmielarski



-----Original Message-----
From: full-disclosure-admin@lists.netsys.com 
[mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of James Riden
Sent: Wednesday, May 26, 2004 4:24 PM
To: mbs@mistrealm.com
Cc: Full-Disclosure
Subject: Re: [Full-Disclosure] Imaging Operating Systems


Michael Schaefer <mbs@mistrealm.com> writes:

> Hi all
>
> We are building a Windows test system, to try out tool bars, spy ware, 
> malware and trojans on.
>
> Once we learn what we need to know, we obviously want to get rid of 
> the junk quickly and cleanly.
>
> I keep hearing suggestions about having a "clean image" to transfer 
> onto the computer.
>
> Can anyone send some details?

Ghost or Altiris can do this for you.

-- 
James Riden / j.riden@massey.ac.nz / Systems Security Engineer Information 
Technology Services, Massey University, NZ. GPG public key available at: 
http://www.massey.ac.nz/~jriden/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html