The Windows Forensic Toolchest™ (WFT) is designed to provide a structured, repeatable, and automated Live Forensic Response, Incident Response, or Audit on a Windows system while collecting security-relevant information from the system. WFT is essentially a forensically enhanced batch processing shell capable of running other security tools and producing HTML-based reports in a forensically sound manner.
A knowledgeable security professional can use WFT to help look for signs of an incident or intrusion, or to confirm computer misuse or configuration. WFT produces output that is useful to the admin user, but is also appropriate for use in court proceedings. It logs all of its actions extensively and computes MD5/SHA1 checksums along the way to ensure that its output is verifiable. The primary benefit of using WFT to perform incident response or audits is that it provides a simplified way of scripting such activities using a sound methodology for data collection.
I welcome any suggested features or changes or additional tool suggestions. Feedback from users of WFT would be greatly appreciated.
WINDOWS FORENSIC TOOLCHEST™ (WFT) FEATURES
WFT News

| Date | News |
|---|---|
| 2009-07-02 | WFT v3.0.04 released |
| 2008-07-03 | WFT v3.0.03 released |
| 2007-07-30 | SANSfire 2007 BOF: What Is New With Windows Forensic Toolchest™ (WFT) v3.0 |
| 2007-06-03 | WFT v3.0.01 released |
| 2006-06-10 | WFT presentation presented at the June 10th, 2006 North Texas Snort Users Group meeting. |
Reposted from http://www.foolmoon.net/security/wft/index.html