./security/tct, Programs to aid post-mortem after a break-in

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: pkgsrc-2009Q1, Version: 1.09nb3, Package name: tct-1.09nb3, Maintainer: frazee.23

TCT is a collection of programs by Dan Farmer and Wietse Venema for a
post-mortem analysis of a UNIX system after break-in.

Notable TCT components are the grave-robber tool that captures
information, the ils and mactime tools that display access patterns of
files dead or alive, the unrm and lazarus tools that recover deleted
files, and the findkey tool that recovers cryptographic keys from a
running process or from files.

WARNING

This software is not for the faint of heart. It is relatively
unpolished compared to the software that Dan and Wietse usually
release. TCT can spend a lot of time collecting data. And although
TCT collects lots of data, many analysis tools still need to be
written.


Required to run:
[lang/perl5]

Master sites:

SHA1: fffb6ae1f389cfdfad95a9a81f6eaba115c9dfc0
RMD160: ee4ddc286a2564f9b1daaa41f35e3d0fe8d6ea71
Filesize: 306.771 KB

Version history: (Expand)