Comments on Windows Incident Response: Links, Tools and Stuff

Stefan (http://www.bfk.de/), 2011-02-24T06:06:41.240-05:00

Thanks, Harlan, for pointing to PDFStreamDumper, of which I wasn't aware. This tool is really, really useful.

PassMark Software (http://www.osforensics.com/), 2011-02-22T22:45:43.083-05:00

Thanks for taking a look at our OSForensics software.

@Anonymous, if you have any trouble with getting OSFClone to work, please contact us, and we'll help you out. You can find links to our Forums and our email addresses on our website.

We also have a new beta out since Harlan's original review. Feel free to check it out, we're keen to hear what people think.

Anonymous, 2011-02-19T16:42:13.595-05:00

I have just spent a couple of days playing with OSForensics and other than the very nice (or is it childish) graphics I don't see much going for it. I didn't like having to use extra tools to acquire an image and then incorporate it into OSForensics ... but FTK Imager is a reliable tool, of course. Anyhow, having a set of virtual images/disks on the host to then search, etc, was not as intuitive as having all the functionality and artifacts within a single case and environment. I will carry on using it for several more days to give it a fair chance ... but so far the lack of imaging capabilities gets in the way of a logical process .. for me. I did use OSMount successfully but USBClonew wouldn't work for me at a command line level .. despite using the correct command.

JohnC, 2011-02-15T20:07:36.074-05:00

The people behind OSForensics (PassMark Software) seem to also offer an alternative to NetStumbler known as WirelessMon with some interesting mapping functionality.

Webpage here:
http://www.passmark.com/products/wirelessmonitor.htm

Anonymous, 2011-02-15T09:05:17.433-05:00

http://www.metageek.net/products/inssider/ is also worth a look as an alternative Windows wifi scanner

Corey Harrell (http://journeyintoir.blogspot.com/), 2011-02-14T12:25:26.429-05:00

Another wireless assessment tool is Ekahau Heatmapper (there’s a free version as well as commercial versions). The tool locates access points, their Wi-Fi coverage, and plots them both on a map. One of the main reasons I use the tool is to locate the physical locations of access points. Heatmapper doesn’t rely on GPS so it’s useful for inside of buildings when GPS isn’t an option. However, similar to Netstumbler, Heatmapper is unable to reveal hidden SSIDs even though it can still map the physical location of the device. So if you need to know the SSID or more information about an identified access point (such as clients connected) then another tool such as Kismet can be used along with Heatmapper.

I thought about writing a quick post on performing an assessment with the tool but I don’t have a location to survey. My house isn’t an option since it would be tough walking through the couple feet of snow surrounding my house.

Thanks for sharing your testing results with the OSForensics tool. I find it helpful when people share their perspective on new tools – new to me – since it helps me see some of the functionality the tool has to offer.