evidence collection methodology for forensic investigation
This isn't something I've tested yet, but do you have a list of the .dll's used by the executables you recommend using with FSP? i.e., pstools, autoruns, etc.?
I can figure it out well enough on my own but wondered if you have done it already.
> do you have a list of the .dll's used by the executables you recommend using with FSP
Not yet. This sort of thing is something I've been working on with another project that I was given at work…well, the reality is that I started down the road w/ the FSP project, and the one I got from work is a more tightly focused version of the same thing.
Part of the issue with something like that is that the FSP was designed to be an open framework, so that any tools can be used. Using a Perl script to dump the import table of an executable is trivial…I've done it a couple of different ways now…but I can't possibly know every tool that people will use. I can only provide a subset of the tools, and the process, and from there let others do their own thing.
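For readers who want to build such a list for their own tool set, here is an added example (not the poster's script, and in Python rather than the Perl mentioned above) that reads the import directory of a PE file and returns the DLL names it references. The function names and the `build_sample` helper, which constructs a minimal PE32 image so the example runs offline, are assumptions made for illustration.

```python
import struct

def imported_dlls(data):
    """List DLL names in the import directory of a PE32 or PE32+ image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe, = struct.unpack_from("<I", data, 0x3C)               # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    # NumberOfSections at pe+6, SizeOfOptionalHeader at pe+20
    nsect, _, _, _, opt_size = struct.unpack_from("<HIIIH", data, pe + 6)
    opt = pe + 24
    magic, = struct.unpack_from("<H", data, opt)
    dirs = opt + (96 if magic == 0x10B else 112)             # PE32 vs PE32+
    imp_rva, _ = struct.unpack_from("<II", data, dirs + 8)   # directory entry 1
    sections = [struct.unpack_from("<IIII", data, opt + opt_size + 40 * i + 8)
                for i in range(nsect)]    # (vsize, vaddr, rawsize, rawptr)

    def offset(rva):
        for vsize, vaddr, rawsize, rawptr in sections:
            if vaddr <= rva < vaddr + max(vsize, rawsize):
                return rva - vaddr + rawptr
        raise ValueError("RVA 0x%x is outside every section" % rva)
    names, d = [], offset(imp_rva) if imp_rva else None
    while d is not None:
        desc = struct.unpack_from("<5I", data, d)            # 20-byte descriptor
        if not any(desc):                                    # all-zero terminator
            break
        n = offset(desc[3])                                  # Name RVA
        names.append(data[n:data.index(b"\0", n)].decode("ascii"))
        d += 20
    return names

def build_sample(dlls):
    """Constructed minimal PE32 (headers + one .idata section) for the demo."""
    hdr, body = bytearray(0x200), bytearray(0x200)
    hdr[0:2], hdr[0x40:0x44] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    struct.pack_into("<HH", hdr, 0x44, 0x14C, 1)             # i386, one section
    struct.pack_into("<H", hdr, 0x54, 0xE0)                  # SizeOfOptionalHeader
    struct.pack_into("<H", hdr, 0x58, 0x10B)                 # PE32 magic
    struct.pack_into("<I", hdr, 0x58 + 96 + 8, 0x1000)       # import directory RVA
    hdr[0x138:0x140] = b".idata\0\0"
    struct.pack_into("<IIII", hdr, 0x140, 0x200, 0x1000, 0x200, 0x200)
    pos = 20 * (len(dlls) + 1)                               # strings follow descriptors
    for i, name in enumerate(dlls):
        struct.pack_into("<I", body, 20 * i + 12, 0x1000 + pos)
        body[pos:pos + len(name) + 1] = name.encode() + b"\0"
        pos += len(name) + 1
    return bytes(hdr + body)
```

The import directory only covers load-time dependencies; DLLs pulled in through delay-load imports or loaded at run time do not appear in this list.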