Hey guys,
Can anyone help me with a list of the most ideal tools that one can use to inetiate a level1 and level2 investigation in a Windows environment?
Breaking the tools down into the following categories:
Acquisition Tools
Media Management Analysis Tools
File System Analysis Tools
Application Analysis Tools
with appropriate cotings if possible.
cheers!!
inetiate[sic] a level1 and level2 investigation
Can you describe what you mean by "level1" and "level2", or provide a reference for the definitions?
Acquisition Tools
For a live forensics investigation, I'd recommend the Forensic Server Project, as outlined in my book, "Windows Forensics and Incident Recovery" (
Application Analysis Tools
Depends on the application…for IIS 5.x, mdutil.exe. For IIS 6, WMI. For pulling metadata from MS Office documents, etc., I'd use Perl (Win32::OLE module).
If by "application analysis", you're also referring to information about executables, I'd suggest strings.exe, Perl (for pulling file version info, etc.).
with appropriate cotings if possible.
What is "cotings"?
Hope that helps,
Harlan
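One way to do the "pulling file version info" step Harlan mentions, as an added example that is not from the original thread and not Harlan's code: it assumes the CPAN module Win32::File::VersionInfo (its GetFileVersionInfo function returns a hash of the file's version resource) and adds a simple triage check, comparing the OriginalFilename compiled into the resource with the name on disk.

```perl
#!/usr/bin/perl
# Added example (not from the original thread): pull version-resource
# metadata from a Windows executable with Win32::File::VersionInfo and
# report a simple inconsistency an analyst would want to look at.
use strict;
use warnings;
use File::Basename qw(basename);
use Win32::File::VersionInfo;   # CPAN module, Windows only (assumed)

my $path = shift @ARGV or die "usage: $0 <path to .exe or .dll>\n";

my $info = GetFileVersionInfo($path);
unless ($info) {
    # Many legitimate files carry no version resource, but for something
    # claiming to be a system binary this is itself worth noting.
    print "$path: no version resource found\n";
    exit 1;
}

printf "%-16s %s\n", 'File version:',    $info->{FileVersion}    || '';
printf "%-16s %s\n", 'Product version:', $info->{ProductVersion} || '';

# String values live under the language block(s) of the resource.
my $langs = $info->{Lang} || {};
for my $lang (sort keys %$langs) {
    my $s = $langs->{$lang};
    print "[$lang]\n";
    for my $key (qw(CompanyName FileDescription InternalName
                    OriginalFilename ProductName LegalCopyright)) {
        printf "  %-18s %s\n", "$key:", $s->{$key} || '';
    }

    # Check: the name compiled into the resource normally matches the name
    # on disk; a mismatch is a cheap triage signal, not proof of anything.
    my $orig = $s->{OriginalFilename} || '';
    if ($orig ne '' && lc($orig) ne lc(basename($path))) {
        print "  NOTE: OriginalFilename '$orig' differs from on-disk name '",
              basename($path), "'\n";
    }
}
```

Run it against a copy of the binary taken from the acquired image rather than the live system, so the check does not touch evidence.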