Computer Forensics Application

Ehtyar:
Does anyone have a suggestion on an application for gleaning as much information from a Windows computer as possible? Thanks to April and Lash man who suggested regedit, but I'm looking for something a little more comprehensive. Any suggestions would be appreciated, though open source/free is preferred.

Thanks, Ehtyar.

Veign:
Try this tool suite:
http://www.e-fense.com/helix/

PhilB66:
Info from your own machine or a third-party one? What kind of info are you after?

Are you looking for tools like ESET SysInspector, SIV, SIW, WITS (Windows Inspection Tool Set), WinAudit, HWiNFO?

Ehtyar:
My apologies for being unclear, I didn't think the question through as well as I should have. An acquaintance has given me their computer, and I'm looking for a virus or malicious program running on the machine. Things I'm interested in are details about modules in memory, internet history, most recently accessed files, etc. Currently I'm making use of Autoruns, Process Explorer, Spybot, ClamWin, etc., but basically I'm just looking for the easiest way to get the most information about the usage of this computer as I possibly can. The people I'm doing this for will need instructions on how to prevent a recurrence of the infection, as they're not exactly power users. I hope this clears things up a little bit.

Ehtyar.

PhilB66:
Windows Incident Response forensic analysis on the cheap is a good starting point.

NirSoft has quite a few utilities... OpenedFilesView, ProcessActivityView, and RegFromApp, the browser history and Cache viewers, etc.

A good read is the Web Browser Forensics article by SecurityFocus.
