Incident Response toolkit for a linux machine
I am currently doing a project named "Live forensics in a linux machine" and for it I wanted some advice as to what toolkits I should use. I was thinking to use 2 toolkits but I am unable to determine which one.
Also I'm a bit of a newbie in linux so would really appreciate if I could know how to use them if they are in command format.
I have read about a few commands like netcat, etc. but I don't know how I use them in the suspect's machine and get its output on my PC which has the toolkit.
Thanks in advance.
Really need some help on it.
Linux itself is built with a number of handy tools. Just running netstat can provide a lot of info. Fport (downloaded from www.mcafee.com/us/down...port.aspx) can show executables attached to open ports, etc. What are you looking for? Is it mainly network connections?
For a 'toolkit' there's Helix, or Deft (http://www.deftlinux.net/).
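As an added example (not from either poster), a minimal live-response collector that runs the kind of commands mentioned above in order of volatility (per RFC 3227) and writes everything to stdout, so the suspect machine's disk is not touched and the stream can be piped over netcat to the examiner's PC. The command list and the port 4444 in the comments are assumptions for illustration.

```sh
#!/bin/sh
# Commands to run on the live Linux host, most volatile first.
# Each is word-split so its flags are honoured.
VOLATILE_CMDS="date -u
uname -a
netstat -anp
ps aux
uptime
cat /proc/mounts
id"

# Emit one labelled, UTC-timestamped section per command.
# A missing tool (e.g. no netstat on a minimal host) is recorded,
# not silently skipped, so the examiner knows what was not captured.
collect_volatile() {
  printf '%s\n' "$VOLATILE_CMDS" | while IFS= read -r cmd; do
    printf '=== %s @ %s ===\n' "$cmd" "$(date -u +%Y-%m-%dT%H:%M:%SZ)"
    $cmd </dev/null 2>&1 || printf '[unavailable or failed: %s]\n' "$cmd"
  done
}

# Number of sections produced; useful as a quick completeness check.
count_sections() { collect_volatile | grep -c '^=== '; }

# Usage (netcat flags vary between variants; examples assume traditional nc):
#   examiner PC:     nc -l -p 4444 | tee live.txt | sha256sum
#   suspect machine: . ./collect.sh; collect_volatile | nc EXAMINER_IP 4444
# Record the hash the examiner side prints alongside the output file.
```

Sourcing the script rather than executing it avoids an extra process where possible; the hash taken on the examiner side documents the integrity of what was received.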
Any reason why you couldn't use a live boot disc like Paladin or any of the other Linux based live distros that are out there and then conduct the examination on the drive?
Much more forensically sound than running CLI strings on a live system.