Beginner looking for tool advice

Networking/Security Forums -> Computer Forensics and Incident Response

Author: BullyBoy    Posted: Sun Sep 07, 2008 3:08 pm    Post subject: Beginner looking for tool advice
    ----
Hi all,

I hope this is the correct forum for this...

I am a pentester by trade, but have been asked to do a forensics-like job. The job involves determining whether a specific application leaves any sensitive data behind on a laptop after use. The application is basically a Citrix-like application, which uses a VPN to communicate back to a restricted and sensitive network.

I am assuming the types of tools I would be looking for include the following:
- a tool that snapshots the hard drive before and after use of the application, so that I can look at the "diff"/difference/delta for anything sensitive,
- a tool that does the same as above, but for memory, and/or
- a tool that monitors and records all writes to the hard drive and memory for a specific application, so that I can investigate later.

Are there specific tool suggestions that do the above? Are there any other suggestions for how I might approach this job?

Some more info:
- I have one Windows XP laptop and one Windows Vista laptop that will be provided for the job with the application installed. I have other Windows based laptops if needed.
- I would much prefer freely downloadable tools, as this job doesn't pay that much and I don't want to spend money for a tool that I may only use once. I may consider purchasing a tool though.

Any help greatly appreciated!
BullyBoy.
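
The first approach listed in the post above (snapshot the drive before and after a session, then inspect the delta), as an added example that is not part of the original post. The function names and the planted marker string are assumptions; searching changed files for a marker typed into the session goes one step beyond what the post describes.

```python
import hashlib
import os

def snapshot(root):
    """Return {relative_path: sha256 hex, or None if unreadable} for files under root."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            try:
                digest = hashlib.sha256()
                with open(path, "rb") as fh:
                    for chunk in iter(lambda: fh.read(1 << 20), b""):
                        digest.update(chunk)
                state[rel] = digest.hexdigest()
            except OSError:
                # Locked or vanished files are normal on a live system.
                state[rel] = None
    return state

def diff(before, after):
    """Compare two snapshots; unreadable (None) entries count as changed."""
    created = sorted(p for p in after if p not in before)
    deleted = sorted(p for p in before if p not in after)
    modified = sorted(p for p in after if p in before
                      and (after[p] is None or after[p] != before[p]))
    return {"created": created, "deleted": deleted, "modified": modified}

def find_marker(root, rel_paths, marker):
    """Return the paths whose bytes contain marker as UTF-8 or UTF-16LE."""
    needles = (marker.encode("utf-8"), marker.encode("utf-16-le"))
    hits = []
    for rel in rel_paths:
        try:
            with open(os.path.join(root, rel), "rb") as fh:
                data = fh.read()
        except OSError:
            continue
        if any(n in data for n in needles):
            hits.append(rel)
    return hits
```

This compares only files visible on the live file system; deleted-file remnants, the pagefile and process memory need an image-level comparison instead.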


