Does anybody know any free networking tools/applications that can be used for live forensics?
Ideally Linux and open source, that can be used during live forensics?
Thanks
Check out these
http//
The link is old (2006) and I haven't used any of these, but it should get you started.
Can you be more specific? Do you want to do Log Analysis, or just load a forensically clean environment while the target system is still running?
It will be whilst the system is still running, so the network will be up. Any tools or applications - log analysis, volatile memory dump etc.
The types of tools needed to go out on-site and acquire enough information about a network attack.
Try researching FIRE, Helix, BackTrack, Sawmill Log Analyzer, Wireshark.
Greetings,
I'd use Splunk rather than Sawmill. I've been fighting Sawmill issues for months without relief. To their credit, it works very well on small datasets. It doesn't handle large ones well at all, and when it fails, it tends to corrupt your entire database.
Most Linux systems will have plenty of native tools for doing analysis, assuming that they've not been corrupted, which is a bad assumption.
Chanko86's suggestions are right on the mark.
-David
Does anybody know any free networking tools/applications that can be used for live forensics?
Ideally Linux and open source, that can be used during live forensics? Thanks
As far as networking tools go just use tcpdump to dump all traffic to file.
You can use almost any analysis tool on the pcap file later.
Roland
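Roland's point is that a raw tcpdump capture can be triaged later with whatever tool you like. As an added example (not code from this thread), here is a dependency-free reader for the classic libpcap file format that `tcpdump -w` writes; it checks the header, refuses truncated records, and tallies IPv4 talkers. The sample capture bytes are constructed inline for demonstration.

```python
import struct
from collections import Counter

LINKTYPE_ETHERNET = 1  # DLT value tcpdump records for Ethernet captures

def iter_packets(data):
    """Yield (timestamp, frame_bytes) for every record in a classic pcap file."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == 0xA1B2C3D4:      # file written little-endian
        end = "<"
    elif magic == 0xD4C3B2A1:    # file written big-endian
        end = ">"
    else:
        raise ValueError("not a classic pcap file (magic %#x)" % magic)
    # global header: version major/minor, tz offset, sigfigs, snaplen, link type
    _, _, _, _, snaplen, linktype = struct.unpack(end + "HHiIII", data[4:24])
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("unsupported link type %d" % linktype)
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(end + "IIII", data[off:off + 16])
        off += 16
        # a record longer than snaplen or past EOF means a corrupt or cut-off capture
        if incl_len > snaplen or off + incl_len > len(data):
            raise ValueError("truncated or corrupt record at offset %d" % (off - 16))
        yield ts_sec + ts_usec / 1e6, data[off:off + incl_len]
        off += incl_len

def ipv4_conversations(data):
    """Count (src, dst, ip_protocol) triples over the IPv4 frames in a capture."""
    counts = Counter()
    for _ts, pkt in iter_packets(data):
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":  # EtherType 0x0800 = IPv4
            continue
        if (pkt[14] & 0x0F) * 4 < 20:                    # bogus IHL, skip the frame
            continue
        src = ".".join(str(b) for b in pkt[26:30])
        dst = ".".join(str(b) for b in pkt[30:34])
        counts[(src, dst, pkt[23])] += 1                 # byte 23 = IP protocol field
    return counts

def build_sample_pcap():
    """Constructed test data: a little-endian pcap holding three minimal IPv4 frames."""
    def frame(src, dst, proto):
        eth = b"\x00" * 12 + b"\x08\x00"
        ip = bytes([0x45, 0, 0, 20, 0, 0, 0, 0, 64, proto, 0, 0]) + bytes(src) + bytes(dst)
        return eth + ip
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    flows = [((10, 0, 0, 5), (192, 0, 2, 1), 6), ((10, 0, 0, 5), (192, 0, 2, 1), 6),
             ((192, 0, 2, 1), (10, 0, 0, 5), 17)]
    for i, (s, d, p) in enumerate(flows):
        f = frame(s, d, p)
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out
```

Feed a real `tcpdump -w` file to `ipv4_conversations(open(path, "rb").read())` to get a quick talker summary before opening it in Wireshark.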