Forensics
Nigilant32 - Free Windows Incident Response Tool based on Sleuthkit - Final Article Released Jul 07 2006 02:59PM
mshannon agilerm net (1 replies)
Re: Nigilant32 - Free Windows Incident Response Tool based on Sleuthkit - Final Article Released Jul 12 2006 08:46PM
Jason T. Hallahan (jthallah gmail com)
Hello list,

Are there any other products out on the market with similar
functionality, specifically "capture as much information as possible
from a running system with the smallest potential impact"? Anything
else open-source with available code?

Thanks!

On 7 Jul 2006 14:59:03 -0000, mshannon (at) agilerm (dot) net wrote:
> To all-
>
>
> Agile Risk Management is committed to advancing information security concepts, technology, and techniques. As such, we have recently released Nigilant32, a freeware Windows GUI Incident Response tool based on the source code provided by Sleuthkit.
>
>
> Nigilant32 is an incident response tool designed to capture as much information as possible from a running system with the smallest potential impact. Nigilant32 has been developed with Windows 2000, XP, and 2003 in mind, and should work fine with computers running one of those operating systems. Nigilant32 is beta software and may not work in all instances.
>
>
> The third article in our series of "Nigilant32 For First Responders" articles is "Active Memory Imaging". This article covers using Nigilant32 to image the active physical memory (RAM) of the suspect workstation or server to secure portable media. Make sure you download the article, as the last pages contain a sneak preview of the current project being developed in the Agile Research Lab.
>
>
> We sincerely hope you find Nigilant32 useful; however, please remember, it is beta software; therefore, you should exercise good judgment when using it in your IT environment.
>
>
> Nigilant32, articles (as they are released), and modified Sleuthkit source code (libsleuthkit) are available at http://www.agilerm.net/publications_4.html
>
>
> Warmest Regards,
>
>
> Matthew M Shannon, CIFI, CISSP
>
> Principal - Computer Forensics and Litigation Support
>
> Agile Risk Management LLC
>
> 2202 N Westshore Blvd, Suite 200
>
> Tampa, FL 33607
>
> (M) 813.732.5076
>
> (O) 1.877.AGILE13 (877.244.5313)
>
> www.agileriskmanagement.com
>
>

Copyright 2009, SecurityFocus