Difference between revisions of "Summerschool Aachen 2004/Incident Research Lab"

From C4 Wiki
Line 1: Line 1:
 +
[http://md.hudora.de/presentations/summerschool/2004-10-04/ Slides]
 +
 
== Notes on Presentations ==
 
== Notes on Presentations ==
  

Revision as of 15:43, 4 October 2004

Slides

Notes on Presentations

Notes on Lab Session

Debian packages you might find useful

You might want to look into the following tools:

  • graverobber - grab important data from system
  • ddrescue - spiced up dd
  • sleuthkit, autopsy - forensic toolkit (includes inode cat, ...)
  • fcrackzip - zip password cracker
  • nasm - netwide disassembler
  • e2undel - undelete for ext2
  • ntfstools - undelete for ntfs
  • bview - nice hex editor, vim-like
  • bsdmainutils (includes hd), or vim (includes xxd)