Lister,
Are you doing this for a system that was compromised and is running on
your network or are you doing this for your own edification?

If you are asking this question for the first reason, then you should
just re-install the system. Once a computer system has been compromised
the integrity of its software can not guaranteed and as such can not be
trusted to be safe. Its a waste of time and resources to try to "clean"
the system, its much more simple (in most cases) to just reinstall.

If you are asking for your own edification and if this is for research
then there are many forensic tools that you can use. Check the sleuth
kit for a good free one. If you want to pay for a commercial tool then
check encase (but its expensive and if you don't have the experience
then don't waste your money). There are many and Google is your friend.

Regards,
Adriel T. Desautels
Chief Technology Officer
Netragard, LLC.
Office : 617-934-0269
Mobile : 617-633-3821
http://www.linkedin.com/pub/1/118/a45

Join the Netragard, LLC. Linked In Group:
http://www.linkedin.com/e/gis/48683/0B98E1705142

---------------------------------------------------------------
Netragard, LLC - http://www.netragard.com - "We make IT Safe"
Penetration Testing, Vulnerability Assessments, Website Security

Netragard Whitepaper Downloads:
-------------------------------
Choosing the right provider : http://tinyurl.com/2ahk3j
Three Things you must know : http://tinyurl.com/26pjsn

lister (at) lihim (dot) org [email concealed] wrote:
> Can anyone recommend some tools to run on a compromised linux
> box to determine if there is further infestation? (rootkits, etc).

[ reply ]