±Partners and Sponsors
New Today: 1
New Yesterday: 6
· Investigating the Dark Web – The Challenges of Online Anonymity for Digital Forensics Examiners
· The Complete Workflow of Forensic Image and Video Analysis
· Browser Anti Forensics
· Coming apart at the SIEMs …
· WeChat Forensics
· DFRWS Europe 2014 Annual Conference – Recap
· Considering A Career in Audio-Video Forensics? Enhance Your Prospects With Continuing Education
· Forensics Europe Expo 2014 – Recap
· Windows Logon Password – Get Windows Logon Password using Wdigest in Memory Dump
±Follow Forensic Focus
Incident Response toolkit for a linux machine
I am currently doing a project named "Live forensics in a linux machine" and for it I wanted some advice as in what toolkits i should use. I was thinking to use 2 toolkits but i am unable to determine which one.
Also i m a bit newbie in linux so would really appreciate if i could now how to use them if they are in command format.
I have read about few commands like netcat, etc. but i dont how do i use them in the suspects machine and get its output on my pd which has the toolkit.
Thanks in advance.
Really need some help on it.
Linux itself is built with a number of handy tools. Just running netstat can provide a lot of info. Fport (downloaded from www.mcafee.com/us/down...port.aspx) can show executables attached to open ports, etc. What are you looking for? Is it mainly network connections?
For a 'toolkit' there's Helix, or Deft (http://www.deftlinux.net/).
Any reason why you couldn't use a live boot disc like Paladin or any of the other Linux based live distros that are out there and then conduct the examination on the drive?
Much more forensically sound than running CLI strings on a live system.
- Senior Member