TCT is a collection of programs that can be used for a post-mortem analysis of a UNIX system after break-in. The software was presented first during a free Computer Forensics Analysis class that we gave one year ago (almost to the day).
Notable TCT components are the grave-robber tool that captures information, the ils and mactime tools that display access patterns of files dead or alive, the unrm and lazarus tools that recover deleted files, and the keyfind tool that recovers cryptographic keys from a running process or from files.
http://www.porcupine.org/forensics/tct.html
Subscribe to:
Post Comments (Atom)
0 comments:
Post a Comment