Re: [sleuthkit-developers] Some questions
From: kenshin <ken...@gm...> - 2006-06-21 02:10:43
I know that we don't use untrusted executables, but normally we make a copy of the HD onto another one and then we analyze this image on our computer, and I trust my computer :)

Thanks for the interest

2006/6/21, Valter Santos <vsa...@se...>:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> kenshin wrote:
> >
> > Why do you want to use static executables?
> > Why do you not use shared libraries?
>
> For forensic and incident response purposes: with static executables we
> don't rely on anything that is deployed on a compromised system when
> performing live analysis. This is done so we get a "trusted" executable
> we can rely on.
>
> > Why do you compile the command file, md5, sha1? (a normal system has its own)
>
> The same as above, I think. These tools are crucial to sleuthkit
> activity, so they get compiled in a trusted fashion ;)
>
> have fun
> /valter
>
>
> - --
> o Valter Santos <vsantola at sectoid.com>
> o INFOCON Tactical Overview: http://infocon.sectoid.com
> o
> o PGP Key ID: 0xE2A4B206
> o Fingerprint: 99FA 3D80 4B54 BA70 7DD7 C751 47BA 49BC E2A4 B206
> o
> o Attack is the secret of defense; defense is the planning of an attack.
> o Sun Tzu, Art of War
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.1 (GNU/Linux)
>
> iD8DBQFEmJJeR7pJvOKksgYRAm+8AJ4m3GMPJ7KyMSBHsHsIeqac5uZioACggiTY
> 0rjxbwEXzHvqWrOHPzb9tDE=
> =1nis
> -----END PGP SIGNATURE-----
>
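An added example, not part of the messages above and not Sleuth Kit code: the trust argument in the quoted reply holds only if a response tool really has no loader or shared-library dependency, which can be checked from its ELF program headers before the toolkit is taken to a live system. The names `linkage` and `sample_elf` and the header-only sample images are assumptions made for illustration.

```python
import struct
import sys

PT_LOAD, PT_DYNAMIC, PT_INTERP = 1, 2, 3  # p_type values from the ELF specification

def linkage(data: bytes) -> str:
    """Return 'static', 'dynamic' or 'review' for an ELF image held in memory."""
    if len(data) < 16 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    is64 = {1: False, 2: True}.get(data[4])      # EI_CLASS
    end = {1: "<", 2: ">"}.get(data[5])          # EI_DATA
    if is64 is None or end is None or len(data) < (64 if is64 else 52):
        raise ValueError("malformed or truncated ELF header")
    if is64:
        (phoff,) = struct.unpack_from(end + "Q", data, 32)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 54)
    else:
        (phoff,) = struct.unpack_from(end + "I", data, 28)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 42)
    types = set()
    for i in range(phnum):
        off = phoff + i * phentsize
        if off + 4 > len(data):
            raise ValueError("program header table is truncated")
        types.add(struct.unpack_from(end + "I", data, off)[0])
    if PT_INTERP in types:
        return "dynamic"   # asks for a runtime loader from the examined system
    if PT_DYNAMIC in types:
        return "review"    # e.g. static-pie: inspect DT_NEEDED before trusting it
    return "static"        # no loader and no dynamic section

def sample_elf(ptypes):
    """Constructed header-only ELF64 little-endian image (sample input, not a real tool)."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0,
                               64, 56, len(ptypes), 0, 0, 0)
    return ehdr + b"".join(struct.pack("<I", t) + bytes(52) for t in ptypes)

if __name__ == "__main__":
    # Usage: pass the paths of the toolkit binaries to classify.
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, linkage(fh.read()))
```

Run it against the toolkit binaries on the trusted build host; anything reported as `dynamic` or `review` would still pull code from the system under examination.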