Ideal Forensic Tools (For Windows)

(@pummatt)
Posts: 4
New Member
Topic starter
 

Hey guys,

Can anyone help me with a list of the most ideal tools that one can use to inetiate a level1 and level2 investigation in a Windows environment?

Breaking the tools under the following categories

Acquisition Tools

Media Management Analysis Tools

File System Analysis Tools

Application Analysis Tools

with appropriate cotings if possible.

cheers!!

 
Posted : 24/10/2004 10:05 am
keydet89
(@keydet89)
Posts: 3568
Famed Member
 

> inetiate[sic] a level1 and level2 investigation

Can you describe what you mean by "level1" and "level2", or provide a reference for the definitions?

> Acquisition Tools

For a live forensics investigation, I'd recommend the Forensic Server Project, as outlined in my book, "Windows Forensics and Incident Recovery" ( http://www.windows-ir.com ).

> Application Analysis Tools

Depends on the application…for IIS 5.x, mdutil.exe. For IIS 6, WMI. For pulling metadata from MS Office documents, etc., I'd use Perl (Win32::OLE module).

If by "application analysis", you're also referring to information about executables, I'd suggest strings.exe, Perl (for pulling file version info, etc.).

> with appropriate cotings if possible.

What is "cotings"?

Hope that helps,

Harlan

 
Posted : 25/10/2004 11:47 am
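An added example, not part of either post and not code from the book or the Forensic Server Project: a minimal strings-style pass in Python (the reply suggests strings.exe and Perl) showing why executable triage has to search UTF-16LE as well as ASCII, since Windows version-resource strings such as FileVersion are stored as wide characters. The function names and the sample bytes are constructed for illustration.

```python
import re

MIN_LEN = 4  # shortest run reported (assumed value for this example)

# Printable ASCII run, and the same characters stored as UTF-16LE (each followed by 0x00).
ASCII_RE = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
UTF16_RE = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)


def extract_strings(data):
    """Return sorted (offset, encoding, text) tuples for printable runs in data."""
    found = []
    for m in ASCII_RE.finditer(data):
        found.append((m.start(), "ascii", m.group().decode("ascii")))
    for m in UTF16_RE.finditer(data):
        found.append((m.start(), "utf-16le", m.group().decode("utf-16-le")))
    return sorted(found)


def version_fields(strings, keys=("CompanyName", "FileVersion", "OriginalFilename")):
    """Pair each version-resource key with the next UTF-16LE string after it."""
    wide = [text for _, enc, text in strings if enc == "utf-16le"]
    fields = {}
    for i, text in enumerate(wide[:-1]):
        if text in keys:
            fields[text] = wide[i + 1]
    return fields


def build_sample():
    """Constructed sample: not a real executable, just bytes laid out like one."""
    def w16(s):
        return s.encode("utf-16-le") + b"\x00\x00"
    blob = b"MZ\x90\x00\x03\x00" + b"This program cannot be run in DOS mode.\r\n$\x00"
    blob += b"\x01\x02\xff\xfe" + b"kernel32.dll\x00\x07"
    for key, value in (("CompanyName", "Example Corp"),
                       ("FileVersion", "1.2.3.4"),
                       ("OriginalFilename", "sample.exe")):
        blob += b"\x01\x00" + w16(key) + b"\x00\x00" + w16(value)
    return blob


if __name__ == "__main__":
    results = extract_strings(build_sample())
    for offset, enc, text in results:
        print(f"{offset:08x} {enc:9} {text}")
    print(version_fields(results))
```

An ASCII-only pass over the same bytes reports the DOS stub message and the DLL name but none of the version fields, which is the gap the UTF-16LE pattern closes.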