New Today: 1
New Yesterday: 12
· KS – an open source bash script for indexing data
· Mobile Device Geotags & Armed Forces
· Categorization of embedded system forensic collection methodologies
· Interpretation of NTFS Timestamps
· What are ‘gdocs’? Google Drive Data – part 2
· What are ‘gdocs’? Google Drive Data
· Bad Sector Recovery
· Forensic Artifact: Malware Analysis in Windows 8
· Windows 8: Important Considerations for Computer Forensics and Electronic Discovery
Incident Response toolkit for a linux machine
I am currently doing a project named "Live forensics in a linux machine" and for it I wanted some advice as in what toolkits i should use. I was thinking to use 2 toolkits but i am unable to determine which one.
Also i m a bit newbie in linux so would really appreciate if i could now how to use them if they are in command format.
I have read about few commands like netcat, etc. but i dont how do i use them in the suspects machine and get its output on my pd which has the toolkit.
Thanks in advance.
Really need some help on it.
Linux itself is built with a number of handy tools. Just running netstat can provide a lot of info. Fport (downloaded from www.mcafee.com/us/down...port.aspx) can show executables attached to open ports, etc. What are you looking for? Is it mainly network connections?
For a 'toolkit' there's Helix, or Deft (http://www.deftlinux.net/).
Any reason why you couldn't use a live boot disc like Paladin or any of the other Linux based live distros that are out there and then conduct the examination on the drive?
Much more forensically sound than running CLI strings on a live system.
- Senior Member