yab's diary: #240 DPiS (sleuthkit - Tools for forensics analysis)
Diary by
yab
Also handy for things like detecting rootkits.
sleuthkit - Tools for forensics analysis
The Sleuth Kit allows an investigator to examine the file systems of a suspect computer in a non-intrusive fashion. The
Sleuth Kit is a collection of UNIX-based command line tools that can analyze NTFS, FAT, FFS, EXT2FS, and EXT3FS file
systems. The Sleuth Kit reads and processes the file system structures itself and therefore operating system support
for the file systems is not required. Furthermore, these can be used during Incident Response on live systems to
bypass the kernel and view files that are being hidden by rootkits.
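The cross-view check that the last sentence implies, as an added example (not part of the diary entry or of The Sleuth Kit): compare what `fls -r -p` reads from the raw device with what the running OS lists, and report allocated entries the OS does not show. The sample listings are constructed, and the function names and the assumption that the file system is mounted at `/` are illustrative.

```python
import re

# One line of `fls -r -p` output: "<name type>/<meta type> [*] <inode>:<TAB><path>"
FLS_LINE = re.compile(
    r"^(?P<ntype>.)/(?P<mtype>.)\s+(?P<deleted>\*\s+)?(?P<inode>[^:\s]+):\t(?P<path>.*)$"
)

def parse_fls(text, mount_point="/"):
    """Return {absolute path: inode} for allocated, non-virtual fls entries."""
    prefix = mount_point.rstrip("/")
    entries = {}
    for line in text.splitlines():
        m = FLS_LINE.match(line)
        if not m:
            continue
        if m["deleted"]:          # unallocated entry: the OS is not expected to list it
            continue
        if m["mtype"] in "vV":    # virtual entry synthesised by the tool ($OrphanFiles)
            continue
        entries[prefix + "/" + m["path"]] = m["inode"]
    return entries

def hidden_from_os(fls_text, os_paths, mount_point="/"):
    """Allocated on-disk entries that the live OS listing does not contain."""
    seen_by_os = {p.strip() for p in os_paths if p.strip()}
    on_disk = parse_fls(fls_text, mount_point)
    return sorted((p, ino) for p, ino in on_disk.items() if p not in seen_by_os)

# Constructed sample: raw-device view (as printed by `fls -r -p <device>`)
FLS_SAMPLE = "\n".join([
    "d/d 11:\tlost+found",
    "d/d 131073:\tetc",
    "r/r 131080:\tetc/passwd",
    "d/d 262145:\topt",
    "d/d 262146:\topt/.x",
    "r/r 262150:\topt/.x/blob.bin",
    "r/r * 131099:\tetc/old.conf",   # deleted entry, ignored
    "V/V 393217:\t$OrphanFiles",     # virtual entry, ignored
])
# Constructed sample: live-OS view (e.g. lines from `find / -xdev` on the same host)
OS_SAMPLE = ["/lost+found", "/etc", "/etc/passwd", "/opt"]

if __name__ == "__main__":
    for path, inode in hidden_from_os(FLS_SAMPLE, OS_SAMPLE):
        print(f"on disk but not listed by the OS: {path} (inode {inode})")
```

Files created or removed between the two listings also show up as differences, so treat each hit as a lead and inspect the inode with `istat` and `icat` before drawing conclusions.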