Category: News

DShield – The Distributed Intrusion Detection System

dshieldDShield.org is an attempt to collect data about cracker activity from all over the internet. This data will be cataloged and summarized. It can be used to discover trends in activity and prepare better firewall rules.

Right now, the system is tailored to simple packet filters. As firewall systems that produce easy to parse packet filter logs are now available for most operating systems, this data can be submitted and used without much effort.

More complex patterns, such as are used by application level firewalls may be handled in the future.

DShield provides a platform for users of firewalls to share intrusion information. DShield is a free and open service.

If you use a firewall, please submit your logs to the DShield database. You may either download one of their ready to go client programs, or use their Web Interface to manually submit your firewall logs. Registration is encouraged, but is not required.

Everybody is welcome to use the information in the DShield reports and database summaries to protect their network from intrusion attempts.

More information about how DShield works is on their home page.

samhain-2.2.4.tar.gz released

samhain

Description:
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.

Author: Rainer Wichmann
Homepage: http://samhain.sourceforge.net
Changes: Various updates.
File Size: 1525691
Last Modified: Sep 13 10:13:01 2006
MD5 Checksum: 66b81869578b1295ed8cc0d811457173

Version 2.06 of The Sleuth Kit was released…

sleuthThe long awaited Windows version of Brian Carrier’s famous file system analysis tool The Sleuth Kit has been released as of September 1, 2006.

Description

The Sleuth Kit (previously known as TASK) is a collection of UNIX-based command line file and volume system forensic analysis tools. The file system tools allow you to examine file systems of a suspect computer in a non-intrusive fashion. Because the tools do not rely on the operating system to process the file systems, deleted and hidden content is shown.

The volume system (media management) tools allow you to examine the layout of disks and other media. The Sleuth Kit supports DOS partitions, BSD partitions (disk labels), Mac partitions, Sun slices (Volume Table of Contents), and GPT disks. With these tools, you can identify where partitions are located and extract them so that they can be analyzed with file system analysis tools.

When performing a complete analysis of a system, we all know that command line tools can become tedious. The Autopsy Forensic Browser is a graphical interface to the tools in The Sleuth Kit, which allows you to more easily conduct an investigation. Autopsy provides case management, image integrity, keyword searching, and other automated operations.

Scroll to top