Author: BullyBoy, Posted: Sun Sep 07, 2008 3:08 pm Post subject: Beginner looking for tool advice ---- Hi all,
I hope this is the correct forum for this...
I am a pentester by trade, but have been asked to do a forensics-like job. The job involves determining whether a specific application leaves any sensitive data behind on a laptop after use. The application is basically a Citrix-like application, which uses a VPN to communicate back to a restricted and sensitive network.
I am assuming the types of tools I would be looking for include the following:
- a tool that snapshots the harddrive before and after use of the application, so that I can look at the "diff"/difference/delta for anything sensitive,
- a tool that does the same as above, but for memory, and/or
- a tool that monitors and records all writes to the harddrive and memory for a specific application, so that I can investigate later.
Are there specific tool suggestions that do the above? Are there any other suggestions for how I might approach this job?
Some more info:
- I have one Windows XP laptop and one Windows Vista laptop that will be provided for the job with the application installed. I have other Windows based laptops if needed.
- I would much prefer freely downloadable tools, as this job doesn't pay that much and I don't want to spend money for a tool that I may only use once. I may consider purchasing a tool though.