Incident Response toolkit for a Linux machine
I am currently doing a project named "Live forensics in a Linux machine" and for it I wanted some advice as to what toolkits I should use. I was thinking of using 2 toolkits but I am unable to determine which one.
Also I'm a bit of a newbie in Linux, so I would really appreciate it if I could know how to use them if they are in command format.
I have read about a few commands like netcat, etc., but I don't know how I use them on the suspect's machine and get their output on my PC which has the toolkit.
Thanks in advance.
Really need some help on it.
Linux itself is built with a number of handy tools. Just running netstat can provide a lot of info. Fport (downloaded from www.mcafee.com/us/down...port.aspx) can show executables attached to open ports, etc. What are you looking for? Is it mainly network connections?
For a 'toolkit' there's Helix, or Deft (http://www.deftlinux.net/).
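The original poster asked how built-in commands such as netstat and netcat are actually used to pull volatile data off the suspect machine and onto the examiner's workstation. The following script is an added example written for this page; it is not code from any of the thread's participants or from Helix, Deft or Paladin. It collects volatile data in order of volatility (clock, logged-in users, processes, sockets, mounts, loaded modules), labels every section so the record is self-describing, keeps going when a tool is missing on the suspect host, and either writes the record to a local file with a SHA-256 sidecar or streams it to a netcat listener. The listener address 192.0.2.10, port 9999 and the output path are placeholders chosen for the example.

```shell
#!/bin/sh
# Added example for the Forensic Focus thread (not the participants' code):
# a minimal Linux live-response collector. Address, port and output path
# below are assumptions; adjust them to the case at hand.

# run_section LABEL CMD [ARGS...]: print a labelled section. A missing or
# failing tool is recorded as "[unavailable]" instead of aborting the run,
# so one absent binary on the suspect host does not cost the whole snapshot.
run_section() {
    label=$1; shift
    printf '### %s (%s)\n' "$label" "$*"
    "$@" 2>&1 || printf '[unavailable: %s]\n' "$1"
    printf '\n'
}

# Emit the whole volatile snapshot to stdout, most volatile data first,
# bracketed by UTC timestamps so the window of collection is on record.
collect_volatile() {
    printf '### collection started: %s\n\n' "$(date -u '+%Y-%m-%dT%H:%M:%SZ')"
    run_section "system clock" date
    run_section "kernel/hostname" uname -a
    run_section "examiner identity" id
    run_section "uptime" uptime
    run_section "logged-in users" who
    run_section "processes" ps -eo pid,ppid,user,etime,args
    # Modern hosts ship ss; fall back to netstat where only that exists.
    if command -v ss >/dev/null 2>&1; then
        run_section "sockets" ss -tulpan
    else
        run_section "sockets" netstat -tulpan
    fi
    run_section "mounts" mount
    run_section "kernel modules" cat /proc/modules
    printf '### collection finished: %s\n' "$(date -u '+%Y-%m-%dT%H:%M:%SZ')"
}

# Print the SHA-256 digest of FILE using whichever tool is installed.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Local variant: write the snapshot to OUTFILE plus an OUTFILE.sha256 sidecar
# so the record can be verified later. Prints the digest.
collect_to_file() {
    outfile=$1
    collect_volatile > "$outfile"
    sha256_of "$outfile" > "$outfile.sha256"
    cat "$outfile.sha256"
}

# Network variant, which is what the original question asked for. On the
# examiner's workstation first start a listener, e.g.
#     nc -l -p 9999 > suspect-volatile.txt
# (listener flags differ between netcat builds; check `nc -h`), then on the
# suspect host run:  collect_over_netcat 192.0.2.10 9999
# Nothing is written to the suspect's disk; only the record crosses the wire.
collect_over_netcat() {
    collect_volatile | nc "$1" "$2"
}

# Stand-alone usage: ./live_collect.sh /tmp/volatile.txt
if [ -n "$1" ]; then
    collect_to_file "$1"
fi
```

Hash the received file on the workstation as well and compare the two digests; a mismatch means the stream was cut or altered in transit and the collection should be repeated before anything is written up.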
Any reason why you couldn't use a live boot disc like Paladin or any of the other Linux based live distros that are out there and then conduct the examination on the drive?
Much more forensically sound than running CLI strings on a live system.
- Senior Member