Latest News
Gov reveals AI plan as Home Affairs pursues industry briefings
AFP boosts private cloud with $20m Dell deal
Researcher trawls cybercrime sites, collects billions of stolen credentials
Westpac factors post-quantum cryptography prep into "secure router" rollout
ACMA altering outage data handling as public register nears
Features
.gif&h=140&w=231&c=1&s=1)
.gif&h=140&w=231&c=1&s=1)
.gif&h=140&w=231&c=1&s=1)
.gif&h=140&w=231&c=1&s=1)
-2.gif&h=140&w=231&c=1&s=1)
.gif&h=140&w=231&c=1&s=1)
.gif&h=140&w=231&c=1&s=1)
Review: Coroner's Toolkit
The Coroner’s Toolkit, or TCT is an open-source set of forensic tools for performing post-mortem analysis on Unix systems. Written by Dan Farmer and Wietse Venema, both very well known in security circles for such programs as SATAN, TCT is not an easy product to use. A serious knowledge of Unix is a prerequisite for success, but if you can manage it, this is an extremely powerful set of tools.
Jul 11 2006 12:00AM
Security
Review: Forensic ToolKit
The Forensic ToolKit (FTK) is very powerful and comes loaded with features, although it is naturally difficult to make such a powerful tool completely simple to use. The program interface can overwhelm at first glance, with all its different features and options, but after reading the documentation and getting to know the program, it becomes much more intuitive.
Jul 11 2006 12:00AM
Security
Review: i2 Analyst's Notebook
This is a very different type of analysis tool from those infosec professionals are used to. Link analysis, a crucial aspect of incident response, is usually done manually or by trying to use log correlators. This is a true link analyser with a long pedigree in analysing complex crimes and security incidents.
Jul 11 2006 12:00AM
Security
Review: LogLogic LX 2000
LogLogic’s LX 2000 is an excellent log analysis tool.
It is powerful, can be distributed, and is a mature and useful product. But it is not for the faint-hearted. While its user interface is excellent, it has many hidden capabilities that require some time to understand.
Jul 11 2006 12:00AM
Security
Review: Mandiant First Response
First Response is a freeware audit tool and is a little difficult to use in the beginning. The interface, deploying agents and gathering data can also be a little awkward at first, but this program can be very useful once the user has a grasp on what it does and what it is capable of.
Jul 11 2006 12:00AM
Security
Review: NetWitness
NetWitness is a network traffic security analyser that the vendor describes as a “security intelligence” tool. Setup is simplified by its new installation wizard, that worked correctly the first time, and was a breeze. We then fed it a set of snort packet logs, that it accepted without complaint, and were able to begin analysis within an hour.
Jul 11 2006 12:00AM
Security
Review: Sleuth Kit & Autopsy Browser
Sleuth Kit and Autopsy Browser are excellent examples of what happens when a talented developer builds on good prior work. These products, used together, are freeware open-source computer forensic tools built on the Coroner’s Toolkit. But the developer, Brian Carrier, has taken his considerable expertise
in file systems of all kinds and applied it here.
Jul 11 2006 12:00AM
Security
Review: KeyGhost USB Keylogger
Physical keyloggers top the list of security nightmares for most in the profession. While full-blown remote access trojans are worse, they are also fairly easy to identify and block, both at installation and in use, but physical keyloggers are much harder to identify.
Jul 11 2006 12:00AM
Security
