Ideal Forensic Tools (For Windows)

(@pummatt)

Hey guys,

Can anyone help me with a list of the most ideal tools that one can use to inetiate a level1 and level2 investigation in a Windows environment?

Breaking the tools under the following categories

Acquisition Tools

Media Management Analysis Tools

File System Analysis Tools

Application Analysis Tools

with appropriate cotings if possible.

cheers!!


   
keydet89
(@keydet89)

> inetiate[sic] a level1 and level2 investigation

Can you describe what you mean by "level1" and "level2", or provide a reference for the definitions?

> Acquisition Tools

For a live forensics investigation, I'd recommend the Forensic Server Project, as outlined in my book, "Windows Forensics and Incident Recovery" ( http://www.windows-ir.com ).

> Application Analysis Tools

Depends on the application…for IIS 5.x, mdutil.exe. For IIS 6, WMI. For pulling metadata from MS Office documents, etc., I'd use Perl (Win32::OLE module).

If by "application analysis", you're also referring to information about executables, I'd suggest strings.exe, Perl (for pulling file version info, etc.).

> with appropriate cotings if possible.

What is "cotings"?

Hope that helps,

Harlan


   