Digital Forensics

[CyberCop]

I found something interesting on the SANS website and I think that Mr. Churchill has a great idea. He writes the following:

 

"In my opinion, if someone was to take CCleaner?s .INI files and create a tool that does the exact opposite of CCleaner ? parse each item and create an information report instead of cleaning them, they would have one heck of a triage tool."

 

Matt Churchill currently manages the digital forensics practice at Continuum Worldwide and has earned the GCFA, CFCE, CCE, and CISSP certifications. You can follow him on Twitter @matt_churchill.

 

Has anyone at Piriform thought about getting into the digital forensics arena? I know 10 different agencies that would jump on the product he is describing.

[Nergal]

um doesn't analyse (and not run cleaner)do this?

[Aethec]

I think what he meant is to actually parse the files' content ?

 

Microsoft's COFEE (Computer Online Forensic Evidence Extractor) already does this if I'm not mistaken. They give it to Interpol and others.

[mal]

this post leads me to a useful program that hasnt been made yet.

 

In my "storage/tools I have maybe 50 programs I have downloaded over the years, from win 311 to vista.

Most of these just have exe with no name attached, so going properties gives no info.

 

To find out what the exe is , I open it[ double click] and wait until the installer says what it is. Then I hit cancel.

There should be a program that would look at a directory "storage/tools" and show all the info.

[hope this makes sense]

[login123]

MAL. try Filealyzer. HERE Free.

 

Back on topic, +1 to CyberCops suggestion (since this is a wish list).