Network Security: Detailed info on Re: Gathering volatile information

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Incidents

[Top] [All Lists]

Re: Gathering volatile information

from [Russell Fulton] Network Security

[Permanent Link]

Subject:	Re: Gathering volatile information
Date:	Thu, 14 Apr 2005 20:01:59 +1200

On Wed, 2005-04-13 at 12:01 +0000, Bob the Builder wrote:

In the Unix environment there seem to be various lists of bits and pieces 
but no really definitive list of commands related to gathering volatile 
information that you should and shouldn't run and what types of things they 
are likely to interfere with. Am I missing something here, does just such a 
list exist and I'm just not looking in the right place, or is it about time 
somone set about righting one? I'm not talking about a religious argument on 
the merits of what stage a machine should be taken offline at but more what 
the volatile data gathering options are that are available to you if as in 
incident handler you need them.


Have you had a look at "The coroners toolkit":
http://www.porcupine.org/forensics/tct.html

smime.p7s
Description: S/MIME cryptographic signature

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Gathering volatile information, Bob the Builder Re: Gathering volatile information, Kyle Maxwell Re: Gathering volatile information, Russell Fulton <= Re: Gathering volatile information, Jeff Bryner

Previous by Date:	Re: What to do if they ignore you, Jose Maria Lopez Hernandez
Next by Date:	Re: What to do if they ignore you, Harlan Carvey
Previous by Thread:	Re: Gathering volatile information, Kyle Maxwell
Next by Thread:	Re: Gathering volatile information, Jeff Bryner
Indexes:	[Date] [Thread] [Top] [All Lists]