NETinfo 20081010 - PowerPoint PPT Presentation

Slides: 16
Provided by: alexc57
Transcript and Presenter's Notes

1
NETinfo 2008-10-10
  • Computer Forensics

2
Computer forensics is simply the application of computer investigation and analysis techniques in the interests of determining potential legal evidence. Evidence might be sought in a wide range of computer crime or misuse, including but not limited to theft of trade secrets, theft of or destruction of intellectual property, and fraud.
  • Time-consuming
  • It helps to know what you are looking for

3
  • Linux distributions with a focus on security
  • BackTrack
  • Helix
  • Operator
  • PHLAK
  • Auditor
  • L.A.S. Linux
  • Knoppix-STD
  • F.I.R.E.

4
  • Helix
  • Helix is a customized distribution of Ubuntu
    Linux. It focuses on incident response and
    computer forensics.
  • Maintainer: e-fense
  • OS: Linux, Windows, Solaris
  • Genre: Live CD
  • License: GPL, others
  • Website: e-fense.com/helix/

5
  • Helix

6
  • Helix, Bootable Linux
  • Adepto, Imaging program utilizing dcfldd
  • Autopsy and Sleuthkit, forensic file system
    investigation
  • Scalpel, data carving from image files
  • ClamAV, anti-virus program
  • Ubuntu-based (previously Knoppix), uses GNOME

7
  • Helix, Windows Live
  • Access PassView
  • IECookiesView
  • IEHistoryView
  • MessenPass
  • Network Password Recovery
  • PC On/Off Time
  • Process Explorer
  • Rootkit Revealer
  • WFT (The Windows Forensic Toolchest)

13
  • WFT
  • The Windows Forensic Toolchest (WFT) is designed
    to provide a structured and repeatable automated
    Live Forensic Response, Incident Response, or
    Audit on a Windows system while collecting
    security-relevant information from the system.
  • WFT is essentially a forensically enhanced batch
    processing shell capable of running other
    security tools and producing HTML based reports
    in a forensically sound manner.
  • http://www.foolmoon.net/security/wft/

14
  • WFT features
  • Generation Of Both Raw Text And HTML Reports
  • User-Editable Config File Controls Execution
  • Ability To Run Locally, Via CD/DVD, Or Thumb
    Drive
  • Configurable Toolpath
  • Macros Which Expand Dynamically Based On Run-Time
    Values
  • Detailed Run-Time Logging
  • Verification Of All Executed Tools
  • Detailed Hashing Of Output
  • Support For MD5 Hash
  • Support For SHA1 Hash
  • Ability To Verify WFT Config Files
  • Automatic Updating Of WFT Hash Values For Tools
  • WFT's Interactive Mode Provides Command-Line
    Alternative
  • Ability To Run SysInternals Tools Without
    -accepteula
  • Color Output Highlights Important Info

15
  • Tips for Windows users!
  • Get an Ubuntu 8.04 Live CD
  • Can both read from and write to NTFS partitions