Re: [sleuthkit-developers] Some questions

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

kenshin wrote:
>
> Why do you want to use static executables?
> Why do you not use shared libraries?

For forensic and incident response purposes: with static executables we
don't rely on anything that is deployed on a compromised system on
performing live analysis. This is done so we get a "trusted" executable
we can rely on.

> Why do you compile the comand file,md5,sha1? (a normal system have its)

The same as above, I think. These tools are crucial to sleuthkit
activity, so they get compiled in a trusted fashion ;)

have fun
/valter

- --
o Valter Santos <vsantola at sectoid.com>
o INFOCON Tactical Overview: http://infocon.sectoid.com
o
o PGP Key ID:  0xE2A4B206
o Fingerprint: 99FA 3D80 4B54 BA70 7DD7 C751 47BA 49BC E2A4 B206
o
o Attack is the secret of defense; defense is the planning of an attack.
o Sun Tzu, Art of War

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFEmJJeR7pJvOKksgYRAm+8AJ4m3GMPJ7KyMSBHsHsIeqac5uZioACggiTY
0rjxbwEXzHvqWrOHPzb9tDE=
=1nis
-----END PGP SIGNATURE-----