Re: [sleuthkit-developers] Application Categories - second try
From: Brian C. <ca...@sl...> - 2004-02-03 17:11:35
Thanks Matthias. Some of these still have a lot of overlap. For example,
acroread is very similar to any of the office tools since you can read and
now apply edits to the document. In general, the desktop category seems to
be a different form of "other". Similarly, the web category has a lot of
overlap with server daemons.

Here is a quick guess at how I would organize some of this. It is not done
and may be completely off. I realized as I was doing it that it could be
useful to distinguish between tools in the category and files in the
category:

System Tools and Files
- Files that are required for the kernel and operating system to run
  - the kernel executable and other required executables
- Files that are used to administer the kernel and operating system
  - config files, registry ...
- General files that are used by applications
  - system libraries, dll
- Files that are needed to develop tools for the system
  - system header files
- Drivers?

Communication Tools
- User-level tools that send or receive files from other network hosts
  - email client, web browser, ftp client, peer-to-peer client
  - email server, HTTP server, FTP server ...
- user-level tools that allow interactive communication between two people
  - im, irc

Communication Files
- Files used to communicate data or other files:
  - email with headers, HTML pages WITH HTTP data, any 'encoded' file
  - im logs

Document Tools
- Tools that create or view human-readable documents that are used to
  store and organize data
  - office, openoffice, excel, acrobat reader
  - text editor
- HTML development tools
  - cgi, php ...

Document Files
- Files that can be interpreted to show human-readable data
  - Word Documents, HTML files, pdf files, xls files
  - text files

Multimedia Tools
- Tools that play or record audio
  - iTunes, ...
- Tools that play or record video
  - Real, quicktime, Windows Media ..
- Tools that play or record still photographs and graphics
  - Photoshop, Illustrator

Multimedia Files
- Audio Files
  - mp3, wav
- Video Files
  - avi
- Graphic Files
  - jpg, gif..

----------------------------------------------------
I'm less confident about these:

Personal Organization Tools and Files
- Files used to organize a user's time and tasks
  - calendar, address book, todo list?
  - PDA sync tools

Database
- Tools and files that are used to store and retrieve data from a database
  - oracle, access, SQL
  - files for the above databases

Security - Prevention
- Tools and files that are used to secure a system from attack
  - anti-virus
  - personal firewalls
  - IDS

Security - Attack
- Tools and files that are used to cause a security incident
  - exploits
  - attack tools
  - DDoS tools
  - viruses
- Tools and files that are used to remove evidence of an incident
  - log cleaner
  - evidence eliminator
- Tools and files that are used to allow access to a compromised system
  - rootkits

Games
- Tools and files that are games
  - solitaire ....

----------------------
I haven't thought enough about these tools yet:
- network port scanners
- network IP scanners (ping)
- network sniffers
- remote management
- hex editor
- calculator
- winzip, tar.gz
- encryption tools
- development tools

On Feb 1, 2004, at 6:27 AM, Matthias Hofherr wrote:

> Hi all,
>
> here is a short writeup from our last discussion about application
> categories.
> (kg) means the default for this category is known-good and (kb) is
> known-bad.
>
>
> Application entry:
>
> - remote management (kg)
>   Examples: vnc, PC Anywhere, BO/BO2K, SubSeven (???) ...
>
> - office tools (kg)
>   Examples: the different office suites - MS Office, OpenOffice,
>   StarOffice, Adobe Acrobat ...
>
> - database (kg)
>   Examples: the database server and clients, database content files
>
> - desktop (kg)
>   Examples: desktop programs like kde tools, acrobat reader, winzip,
>   games, screensavers, web browser, email clients
>
> - security (kg)
>   Examples: nmap, hping2, virus scanners and signatures, content filter
>   software, tripwire/aide/samhain, IDS tools
>
> - sysutils (kg)
>   Examples: every day sysadmin utilities (*nix: /sbin/*, /usr/bin ...)
>
> - server daemons (kg)
>   Examples: sendmail, postfix, pop3d, imapd, apache, ...
>
> - web/network (?) (kg)
>   Examples: cgi scripts, php files, ...
>
> - multimedia (kg)
>   Examples: sound-, picture-, video-files
>
> - drivers (kg)
>   Examples: driver software (sic!)
>
> - (child-)porn (kb)
>   Examples: the name says it all
>
> - malware (kb)
>   Examples: rootkits, malicious code, worms, viruses, trojans,
>   backdoors ...
>
> - other (kg)
>   Examples: everything which doesn't fit in the other categories
>
> Is "malware" an appropriate name? Shall we further divide this
> category?
>
> How about the separate "child-porn" section? There are other kinds of
> illegal porn which do not fit in this category.
>
> Is "web" or "network" a better name? What more content would
> "network" include which doesn't fit in the other categories?
>
> It seems that our "remote management" category includes potentially
> more known-bad (subseven/BO(2K) ...) than known-good tools. Should we
> disband this category and absorb it in the other categories?
>
> Has anyone good ideas for other groups or better group names?
>
> Regards,
>
> Matthias
>
>
> --
> Matthias Hofherr
> mail: mat...@mh...
> web: http://www.forinsect.de
> gpg: http://www.forinsect.de/pubkey.asc
>
> _______________________________________________
> sleuthkit-developers mailing list
> sle...@li...
> https://lists.sourceforge.net/lists/listinfo/sleuthkit-developers
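The mechanism both messages are circling, a per-category known-good/known-bad default (Matthias' "(kg)"/"(kb)") that a single entry such as SubSeven under "remote management" has to be able to override, as an added example that is not part of the thread and not The Sleuth Kit's own hash-database code. The entry format `md5,name,category[,kg|kb]`, the category table, and the sample file contents are all assumptions of this example; the sample bytes are constructed and hashed in place so it runs offline. It also shows the precedence question the thread leaves open: when one hash appears under a known-good and a known-bad category, known-bad wins.

```python
"""Category-driven known-good / known-bad lookup over a small hash set.

Added example for the thread above; not Sleuth Kit code.  The entry
format 'md5,name,category[,kg|kb]' and the category table are assumptions
made here to show how per-category defaults and per-entry overrides interact.
"""
import hashlib

# Default verdict per category using the (kg)/(kb) notation from the thread.
# Names follow Matthias' list (subset); the table itself is an assumption.
CATEGORY_DEFAULT = {
    "remote management": "known-good",
    "office tools": "known-good",
    "security": "known-good",
    "sysutils": "known-good",
    "server daemons": "known-good",
    "multimedia": "known-good",
    "malware": "known-bad",
    "other": "known-good",
}

FLAG_TO_VERDICT = {"kg": "known-good", "kb": "known-bad"}
HEX = set("0123456789abcdef")


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def parse_hashset(text: str) -> dict:
    """Parse 'md5,name,category[,kg|kb]' lines into {md5: [entry, ...]}.

    The optional fourth field overrides the category default, so an entry
    like SubSeven can sit under 'remote management' (default kg) and still
    be flagged known-bad.  Malformed lines raise instead of being skipped,
    since a silently dropped known-bad entry is the worst failure mode here.
    """
    index = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(",")]
        if len(fields) not in (3, 4):
            raise ValueError(f"line {lineno}: expected 3 or 4 fields")
        digest, name, category = fields[0].lower(), fields[1], fields[2]
        if len(digest) != 32 or not set(digest) <= HEX:
            raise ValueError(f"line {lineno}: malformed md5 {digest!r}")
        if category not in CATEGORY_DEFAULT:
            raise ValueError(f"line {lineno}: unknown category {category!r}")
        verdict = CATEGORY_DEFAULT[category]
        if len(fields) == 4:
            if fields[3] not in FLAG_TO_VERDICT:
                raise ValueError(f"line {lineno}: bad flag {fields[3]!r}")
            verdict = FLAG_TO_VERDICT[fields[3]]
        index.setdefault(digest, []).append(
            {"name": name, "category": category, "verdict": verdict})
    return index


def classify(index: dict, data: bytes) -> tuple:
    """Return (verdict, matching entries) for a file's content.

    When one hash appears under several entries, known-bad wins: a file the
    analyst must look at is never hidden behind a known-good match.
    """
    entries = index.get(md5_hex(data), [])
    if not entries:
        return "unknown", []
    if any(e["verdict"] == "known-bad" for e in entries):
        return "known-bad", entries
    return "known-good", entries


# Constructed byte strings standing in for real binaries; hashing them here
# keeps the example self-contained and offline.
SAMPLE_CONTENT = {
    "vncviewer.exe": b"constructed vnc viewer bytes",
    "server.exe": b"constructed subseven server bytes",
    "nmap": b"constructed nmap bytes",
    "sendmail": b"constructed sendmail bytes",
    "note.txt": b"constructed user file, not in the set",
}

SAMPLE_HASHSET = "\n".join([
    "# md5,name,category[,kg|kb]  (constructed entries)",
    f"{md5_hex(SAMPLE_CONTENT['vncviewer.exe'])},vncviewer.exe,remote management",
    f"{md5_hex(SAMPLE_CONTENT['server.exe'])},server.exe,remote management,kb",
    f"{md5_hex(SAMPLE_CONTENT['nmap'])},nmap,security",
    f"{md5_hex(SAMPLE_CONTENT['nmap'])},nmap,malware",   # dual-use, listed twice
    f"{md5_hex(SAMPLE_CONTENT['sendmail'])},sendmail,server daemons",
])

HASH_INDEX = parse_hashset(SAMPLE_HASHSET)

if __name__ == "__main__":
    for name, data in SAMPLE_CONTENT.items():
        verdict, hits = classify(HASH_INDEX, data)
        print(f"{name:14} {verdict:10} {[h['category'] for h in hits]}")
```

The explicit `kb` flag on `server.exe` is what lets a known-bad tool stay in a known-good category instead of forcing the "disband remote management" decision Matthias asks about; the doubled `nmap` entry shows why the verdict has to be computed over all entries for a hash rather than the first one found.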