Comments on Windows Incident Response: Tools of the Trade

H. Carvey, 2005-02-10T07:01:00.000-05:00

Guys,

Thanks for the comments. Like the blog entry said, these are "some" tools...it's not meant to be an all inclusive list...my thought in writing the entry was that it would be spoon-feeding, and not leaving a lot of room for input from others.

Also, the tools I mentioned are for volatile data...LADS.exe is my favorite tool for looking for ADSs, but ADSs aren't very volatile...they're still there when you shut the system down. I know that not all the tools are that way, but again...there's no reason to shut down opportunities for discussion.

Finally, thanks for the comments about the book...I really learned a lot during the process of writing it, and even more since then. With regards to the technical-content litmus test...I hear ya! My MSEE thesis still puts me to sleep, so I can only imagine that it would put someone else in a coma! ;-)

Anonymous, 2005-02-09T21:37:00.000-05:00

pmdump.exe and strings.exe that were referenced in an earlier blog and I have used them already.

Also for NTFS ADS, I use lads.exe (http://www.heysoft.de/nt/lads.zip). Although I can honestly say that I have never come across any, better to have the tools available when I do need them.

Anonymous, 2005-02-09T18:24:00.000-05:00

I'm reading your book right now, so I'm curious why you didn't mention lads.exe? (BTW, I find the book very useful so far in developing our own particular procedures, and it definitely passes the technical-content litmus test of putting my wife to sleep whenever I read it aloud.)

Thanks!

Anonymous, 2005-02-09T15:09:00.000-05:00

Check out the tools (some already mentioned) listed on
http://www.securitywizardry.com/fortools.htm