Sunday, June 12, 2005
Good Tool Listing on ISC
There is a good listing of incident response tools posted in one of the daily journals on the Internet Storm Center. The list was done by Scott F. (I don't know who he is) and is organized quite nicely. I like the way the tools are listed and will post my kit shortly in the same manner, but with version numbers, making it easy to keep track of what I have, so that checking each tool's site can show me quickly whether I have the latest version or not.

The other thing I like doing that was not touched on is using Helix as my main IR tool. Scott's list includes Helix at the bottom as an "additional CD I keep around for the Unix geek in me." Helix's live IR analysis features ROCK! I have customized the win32 side of Helix with tools that I prefer to use and that were not included originally, in addition to updated versions of the tools that have been released since Helix was pressed. And, to top it all off, I ripped out the Unix side of Helix and created a custom WinPE environment, which is a little more useful in win32 IR and forensics.

What is the ETA on my list??? This week, since I will be telecommuting from home in order to help out with my new beautiful daughter, Gabriella Skye Sawyer. The next few weeks of telecommuting will give me the opportunity to catch up on documentation and policy items. Yeah, go ahead and groan as I did when typing that. Policies = Political Ick!