Category: Auditing » Forensics

DumpSec
Added 2001-10-22
SomarSoft has granted SystemTools.com distribution rights for SomarSoft's DumpSec (formerly known as DumpAcl), DumpReg, and DumpEvt programs. DumpSec is a security auditing program for Microsoft® Windows NT. It dumps the permissions (DACLs) and audit settings (SACLs) for the file system, registry, printers and shares in a concise, readable listbox format, so that holes in system security are readily apparent. DumpSec also dumps user, group and replication information. DumpSec is a must-have product for Windows NT systems administrators and computer security auditors.

DumpEvt
Added 2001-10-22
DumpEvt is a Windows NT program that dumps the event log in a format suitable for importing into a database. It can be used as the basis for an event log management system, for long-term tracking of security violations, etc. There is also a DLL version of DumpEvt, which allows you to read the formatted event log from Visual Basic.

TCTUTILs
Added 2001-10-22
TCTUTILs is a collection of utilities that adds functionality to The Coroner's Toolkit (TCT). Features:
- List directory inode contents to view file, device, and directory names. This also allows deleted file names to be viewed, and on some platforms an entire file that was recently deleted can be easily recovered.
- Get Modified, Accessed, and Created time data on deleted files (not possible on all systems) and merge the data into the mactimes output from TCT.
- Find the names of files and directories that are using a given inode. On some systems, deleted file names will also be given.
- Find the inode that is using a given block. On some systems, the inode may not even be allocated.
- Display the contents of a given block in several formats.
- Display the details of an inode (including all block numbers).

KSEC - Kernel Security Checker
Added 2001-10-22
A useful tool for finding an attacker on your system by direct analysis of the kernel through /dev/kmem, bypassing the intruder's hiding techniques (static kernel recompilation or use of LKMs). KSec can find modified syscalls from userspace, detect promiscuous interfaces, find the modifications applied to a protocol and much more.

KSTAT - Kernel Security Therapy Anti-Trolls
Added 2001-10-22
A tool for finding an attacker on your system by direct analysis of the kernel through /dev/kmem, bypassing the intruder's hiding techniques (static kernel recompilation or use of LKMs). Kstat can find the syscalls that were modified by an LKM, list the linked LKMs, query one or all of the system's network interfaces, list all the processes and much more.

Automatic Security
Added 2001-10-22
Automatic Security is an expect script that tracks security notices on securityfocus.com and downloads and tests new updates when they are released. If your system is vulnerable, the script notifies you through its log so that you can install the patch as soon as possible. Patching is not automatic, for safety reasons.

IRCR
Added 2001-10-22
The Incident Response Collection Report (IRCR) is similar to The Coroner's Toolkit (TCT) by Dan Farmer & Wietse Venema. This program is a collection of tools that gathers and/or analyzes forensic data on a Microsoft Windows system. You can think of this as a snapshot of the system in the past. Like TCT, most of the tools are oriented towards data collection rather than analysis. The idea of IRCR is that anyone could run the tool and send the output to a skilled Windows forensic security person for further analysis.

IIS_PROMISC
Added 2001-10-22
An auditing tool for the MS-IIS web server. It uses a Perl script to check for many serious vulnerabilities, supports proxy servers and, if a hole is found, prints it along with the patch URL.