The Forensic Server Project (FSP) is a proof-of-concept tool for retrieving volatile (and some non-volatile) data from potentially compromised systems. The FSP consists of several Perl scripts and third-party utilities. The server component of the FSP runs on an investigator's or administrator's system and handles all data storage and activity logging. The client components of the FSP (i.e., FRU.pl and supporting Perl scripts and tools) are burned to a CD and run from the CD drive of the potentially compromised system. Data is copied to the server component via TCP/IP.
See also:
The Windows Incident Response Blog.
Also, here you will find a review of a book by another author:
Brian Carrier: File System Forensic Analysis, Addison-Wesley Publishing Co. 2005