Forensics CD Toolkit for FreeBSD
Barney Wolff
barney at databus.com
Sun Aug 3 15:33:56 PDT 2003
On Sun, Aug 03, 2003 at 12:59:31PM -0600, Joe Warner wrote:
> >
> > 4. You should investigate The Coroner's Toolkit, available (free)
> > from porcupine.org to really do forensics work. It comes from
> > Dan Farmer & Wiese Venema, who need no endorsement from me.
> > I've used it (on Solaris) with very gratifying results.
>
> Yes, I've seen that all over the place from my searches on Google but I
> was hesitant about going any further with that because it said it's only
> been tested on FreeBSD 2.2.1, 3.4, and 4.4
It should run on any 4- FreeBSD version. The parts of it that need to
understand file system formats will likely not be happy with 5.x's UFS2,
but that's not an issue for 4.x.
> Do you think I can run TCT from a CD?
Sure.
--
Barney Wolff http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.
More information about the freebsd-stable
mailing list