tools

This tool is designed to help search file systems during forensic examinations. It collects information and meta data associated with files, and offers strong searching and indexing capabilities, although limited to Windows file systems.

NetWitness is a network forensics and analysis package available in both software and appliance (really just a preconfigured server) formats.

This product is the big brother of its family, including all the forensic capabilities of other versions with the additional ability to conduct investigations over the network and compare live systems to known-good baselines to establish whether a machine has been compromised or tampered with.

Stellar Phoenix is a product aimed at data recovery, rather than strict forensics, although of course recovery is an important part of incident response. Confronted with a disk with damaged or missing data, the software will attempt to recover information and reconstruct partial data.

This product manages and analyzes Windows server log files. While this activity is not limited to forensics, it is an important incident response tool.

Ecora Enterprise Auditor 3.5 is a comprehensive package tailored to fit into most contemporary IT environments.

Auditing software requirements will naturally vary between organizations. In many cases, a relatively straightforward approach will be all that is necessary. But sometimes you might want a higher level of analysis and control.

The LANDesk Management Suite is much more than just an auditing tool. It is a comprehensive group of tools for generally managing a corporate network which might include large numbers of clients.

LANsurveyor 9 is a subtly different program from others tested here. At its heart is a graphical mapping capability that allows you to create "maps" of your network to various levels of detail. These maps might be used solely within the program, or be exported in a variety of formats, including Microsoft Visio, so you can edit them as appropriate to your organizational requirements.

We evaluated a previous version of PC-Duo and were generally impressed with its intuitive interface and no-nonsense functions. We are pleased to report that the previous strengths – an attractive and intuitive interface – remain. The functionality has also been well considered and will be truly useful in a broad range of operational scenarios.

SecurityExpressions is a comprehensive audit and compliance software tool which is easy to deploy and usable in most computing environments. It can audit systems either with or without agents deployed on the target machines.

Track-It comes in three flavors, with varying levels of sophistication: Standard, Professional and Enterprise.

LANDesk Asset Manager – actually an add-in to the comprehensive LANDesk Management Suite 8.1 application – provides a host of valuable functionality.

Altiris speaks in terms of "lifecycle management," by which it means managing your IT-related assets throughout their useful term of operation. This is enabled by the provision of a core Notification Server, to which might be added a Server Provisioning Suite, a Client Management Suite , (CMS), and an Asset Management Suite, (AMS). The Altiris brochure also describes a utility named the Wise Package Studio which, as you might expect, provides for software distribution.

Centennial Discovery 4.51 is a comprehensive, but easy to use, auditing tool which might be used with a variety of client operating systems. It requires Microsoft SQL Server 7.0 or later, a run-time version of which is supplied on the installation CD.

This product is a straightforward and competent auditing tool whose apparent simplicity and ease of use will appeal to many system administrators.

Intuit Track-It! is a comprehensive suite of integrated modules which provide some interesting and useful functionality. The product is available in three flavours of Single User, Standard (facilitating multiple users) and Enterprise, and is nicely presented throughout with good documentation.