coder
Nov 21 2003, 02:28 PM
| QUOTE |
Forensic Toolkit
The Forensic ToolKit contains several Win32 Command line tools that can help you examine the files on a NTFS disk partition for unauthorized activity. We built these tools to help us do our job, we hope they can help you as well.
AFind is the only tool that lists files by their last access time without tampering with the data the way that right-clicking on file properties in Explorer will. AFind allows you to search for access times between certain time frames, coordinating this with logon info provided from ntlast, you can begin to determine user activity even if file logging has not been enabled.
HFind scans the disk for hidden files. It will find files that have either the hidden attribute set, or NT's unique and painful way of hiding things by using the directory/system attribute combination. This is the method that IE uses to hide data. HFind lists the last access times.
SFind scans the disk for hidden data streams and lists the last access times.
FileStat is a quick dump of all file and security attributes. It works on only one file at a time but this is usually sufficient.
Hunt is a quick way to see if a server reveals too much info via NULL sessions.
Command line switches
afind [dir] /f [filename] /ns=no subs /a after /b before /m between time format =
hfind [dir] /hd=find dir/system attribs /ns=no subs
sfind [dir] /ns=no subs
filestat [filename]
hunt [\\servername]
COMMAND PROMPT MUST BE A MINIMUM OF 80 CHARACTERS
A REMINDER. AS STATED IN OUR LICENCE, WE PRESENT THESE TOOLS AS IS. NO WARRANTY EXPRESSED OR IMPLIED. THIS TOOL IS UNSUPPORTED.
System Requirements:
Windows NT 4.0 SP3
16MB Memory
Administrator privileges
Audit log enabled with searchable records
Set NT command line buffer to 500 or more lines. 1200 lines works well
Copyright 1998-99, NT OBJECTives, Inc. All Rights Reserved. All trademarks are the property of their respective owners.
|
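Added example, not part of the original post and not NT OBJECTives' code: a Python sketch of the two hiding rules the HFind description names (hidden attribute, or the directory/system combination), combined with an AFind-style last-access window. The function names, the record layout and the sample paths are assumptions made for illustration; scan() relies on st_file_attributes, which Python only provides on Windows.

```python
import os
import stat
from datetime import datetime

HIDDEN = stat.FILE_ATTRIBUTE_HIDDEN
SYSTEM = stat.FILE_ATTRIBUTE_SYSTEM
DIRECTORY = stat.FILE_ATTRIBUTE_DIRECTORY
ARCHIVE = stat.FILE_ATTRIBUTE_ARCHIVE

def hidden_reason(attrs):
    """Return why an entry counts as hidden under the two rules quoted above, else None."""
    if attrs & HIDDEN:
        return "hidden attribute"
    if (attrs & DIRECTORY) and (attrs & SYSTEM):
        return "directory/system combination"
    return None

def report(records, after=None, before=None):
    """Flag hidden entries whose last access lies in [after, before]; oldest access first."""
    rows = []
    for path, attrs, atime in records:
        reason = hidden_reason(attrs)
        if reason is None:
            continue
        if (after and atime < after) or (before and atime > before):
            continue
        rows.append((atime, path, reason))
    return sorted(rows)

def scan(root):
    """Windows only (hypothetical helper): yield (path, attributes, last access) under root."""
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            yield full, st.st_file_attributes, datetime.fromtimestamp(st.st_atime)

# Constructed sample records (not taken from a real system).
SAMPLE = [
    (r"C:\Users\demo\notes.txt", ARCHIVE, datetime(2003, 11, 20, 9, 0)),
    (r"C:\Users\demo\secret.dat", HIDDEN | ARCHIVE, datetime(2003, 11, 21, 14, 28)),
    (r"C:\Users\demo\Cache", DIRECTORY | SYSTEM, datetime(2003, 11, 19, 23, 5)),
    (r"C:\Users\demo\Docs", DIRECTORY, datetime(2003, 11, 21, 10, 0)),
    (r"C:\Users\demo\old.tmp", HIDDEN, datetime(2003, 10, 1, 8, 0)),
]

if __name__ == "__main__":
    for atime, path, reason in report(SAMPLE, after=datetime(2003, 11, 19)):
        print(atime, path, reason)
```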
flame
Nov 21 2003, 04:03 PM
broken link...
UNDERTAKER
Nov 21 2003, 06:59 PM
10x... going to have a look on that...
wicked
Nov 21 2003, 09:59 PM
Cheerz Bud Looks Good
Wkd..
coder
Nov 22 2003, 03:35 AM
| QUOTE (flame @ Nov 21 2003, 04:03 PM) |
| broken link... |
works great for me, and everyone else?
neoragexxx
Nov 22 2003, 10:17 AM
Extremely useful and the link worx fine , thx a ton m8
jak3c
Nov 22 2003, 10:44 AM
thanks u dude for this tools package!....
sounds good!
apusnaias
Nov 22 2003, 02:30 PM
thx a lot for sharing
grabel
Nov 22 2003, 02:35 PM
it's great dude...