
http://www.mcafee.com/us/downloads/free-tools/forensic-toolkit.aspx

Click the "Download this tool now" link at the bottom left of the home page.

   

   

The McAfee Software Royalty-Free License page opens; click the "Download Now" link at the bottom.

   

   

Direct download

forensictoolkit20.zip

   

Posted by codedragon codedragon


   

   

   

http://www.mcafee.com/us/downloads/free-tools/forensic-toolkit.aspx

   

   

Tools to help examine NTFS for unauthorized activity.

The Forensic ToolKit™ contains several Win32 command-line tools that can help you examine the files on an NTFS disk partition for unauthorized activity. We built these tools to help us do our job; we hope they can help you as well.

   

Key Features

AFind is the only tool that lists files by their last access time without tampering with the data the way that right-clicking on file properties in Explorer will. AFind allows you to search for access times between certain time frames; by coordinating this with logon info provided by ntlast, you can begin to determine user activity even if file logging has not been enabled.

HFind scans the disk for hidden files. It will find files that have either the hidden attribute set, or NT's unique and painful way of hiding things by using the directory/system attribute combination. This is the method that IE uses to hide data. HFind lists the last access times.

SFind scans the disk for hidden data streams and lists the last access times.

FileStat is a quick dump of all file and security attributes. It works on only one file at a time but this is usually sufficient.

Hunt is a quick way to see if a server reveals too much info via NULL sessions.
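The correlation that the AFind description points to (last-access times matched against logon windows) is sketched below as an added Python example; it is not part of the Forensic ToolKit or of the original post. The function names and the sample session are constructed for illustration, and the logon windows are assumed to have been taken from your own logon records.

```python
import os
from datetime import datetime, timezone

def files_by_atime(root, after, before, recurse=True):
    """Return (atime, path) pairs with after <= last access <= before, oldest first.

    Files are never opened; only directory-entry metadata is read.
    """
    hits, stack = [], [root]
    while stack:
        current = stack.pop()
        try:
            entries = list(os.scandir(current))
        except OSError:              # unreadable directory: skip it, keep scanning
            continue
        for entry in entries:
            try:
                if entry.is_dir(follow_symlinks=False):
                    if recurse:      # recurse=False mirrors a "no subdirectories" scan
                        stack.append(entry.path)
                    continue
                st = entry.stat(follow_symlinks=False)
            except OSError:          # entry vanished or access denied
                continue
            atime = datetime.fromtimestamp(st.st_atime, tz=timezone.utc)
            if after <= atime <= before:
                hits.append((atime, entry.path))
    return sorted(hits)

def correlate(root, sessions, recurse=True):
    """Map each (user, logon, logoff) session to the files last accessed during it."""
    return {
        (user, logon): [p for _, p in files_by_atime(root, logon, logoff, recurse)]
        for user, logon, logoff in sessions
    }

if __name__ == "__main__":
    utc = timezone.utc
    # Constructed sample session; real windows come from your logon records.
    sessions = [("alice",
                 datetime(2019, 12, 2, 9, 0, tzinfo=utc),
                 datetime(2019, 12, 2, 17, 0, tzinfo=utc))]
    for (user, logon), paths in correlate(".", sessions).items():
        print(user, logon.isoformat(), paths)
```

On NTFS volumes where last-access updates are disabled (check with `fsutil behavior query disablelastaccess`), the recorded times are stale and this correlation says little.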


Command Line Switches

afind [dir] /f [filename] /ns=no subs /a after /b before /m between

time format =

hfind [dir] /hd=find dir/system attribs /ns=no subs

sfind [dir] /ns=no subs

filestat [filename]

hunt [\\servername]

   

System Requirements

Windows NT 4.0 SP3

16MB Memory

Administrator privileges

Audit log enabled with searchable records

Set the NT command line buffer to 500 or more lines. 1200 or more lines works well.

   

   

Posted by codedragon codedragon
