2009. 3. 5. 15:51

Collection of forensics reference sites

Incident response organizations

 Korea

 CERTCC-KR   -  http://www.certcc.or.kr/
 SecurityMap.Net IRC  -  http://www.securitymap.net/
 KRNIC   -  http://ip.nic.or.kr/
 CONCERT   -  http://www.concert.or.kr/
 National Police Agency    -   http://www.ctrc.go.kr/
 Supreme Prosecutors' Office    -   http://icic.sppo.go.kr/
 National Intelligence Service    -   http://www.nis.go.kr/

 International

 FIRST    -    http://www.first.org/
 APCERT   -   http://www.apcert.org/
 TF-CSIRT   -   http://www.terena.nl/tech/task-forces/tf-csirt/

 

Vulnerability information sites

 CVE

 http://cve.mitre.org/

 CERTCC-KR

 http://www.certcc.or.kr

 Securityfocus

 http://www.securityfocus.com

 CERTCC

 http://www.cert.org

 CIAC

 http://www.ciac.org/ciac/

 SANS ISC

 http://isc.sans.org/

 ■ PGP software 

 PGPi

 http://www.pgpi.org/

 GnuPG

 http://www.gnupg.org/


 Part II: Unix compromised-system analysis

 ■ Analysis tools

 netcat
 cryptcat

 http://www.atstake.com/research/tools/network_utilities/
 http://sourceforge.net/projects/cryptcat/

 lsof

 ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof

 nmap

 http://www.nmap.org
 
http://www.certcc.or.kr/tools/Nmap.html
 http://www.neohapsis.com/neolabs/neo-ports/

 chkrootkit

 http://www.chkrootkit.org

 sleuthkit/autopsy

 http://www.sleuthkit.org/index.php

 TCT

 http://www.porcupine.org/forensics/

 Analysis tool link sites

 http://www.sleuthkit.org/links.php
 http://www.opensourceforensics.org/tools/index.html
 http://www.linux-forensics.com/downloads.html

 Analysis CDs

 snarl  -  http://snarl.eecue.com/articles/
 FIRE  -  http://fire.dmzs.com/

 

■ Integrity-related sites and tools

 Tripwire

 http://www.certcc.or.kr/tools/tripwire.html

 Sun Fingerprint Database

 http://sunsolve.Sun.COM/pub-cgi/show.pl?target=content/content7

 Known Goods

 http://www.knowngoods.org/

 Cyber Abuse

 http://rk.cyberabuse.org/

 NIST NSRL

 http://www.nsrl.nist.gov/

 HashKeeper

 http://www.hashkeeper.org
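The sites above (Sun Fingerprint Database, Known Goods, NIST NSRL, HashKeeper) all serve the same purpose: a set of digests of pristine files that a suspect system's binaries can be checked against, so a replaced `ls` or `ps` stands out even when its name and size look normal. The following is an added example of that lookup, written for this page; it is not code from the original post or from any of the listed tools. The reference set and the "suspect" directory are constructed inline (the digests are of the inline stand-in contents, not real vendor binaries); a real reference set such as NSRL RDS is a large file keyed the same way.

```python
"""Known-good hash comparison, in the style of NSRL / HashKeeper lookups.

Added example, not code from the original page or from any of the listed
tools. The reference set and the "suspect" directory are constructed
inline; a real reference set (NSRL RDS, HashKeeper) is a large file of
digests keyed the same way.
"""
import hashlib
import os
import tempfile
from pathlib import Path

CHUNK = 1 << 16  # read files in 64 KiB pieces so large binaries stream


def hash_file(path, algo="sha1"):
    """Hex digest of a file, computed without loading it whole into memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for piece in iter(lambda: f.read(CHUNK), b""):
            h.update(piece)
    return h.hexdigest()


def build_known_good(content_by_name):
    """Reference set keyed by digest (what a hash-set lookup needs)."""
    return {hashlib.sha1(data).hexdigest(): name
            for name, data in content_by_name.items()}


def classify_tree(root, known_good):
    """Hash every regular file under root and split into known / unknown.

    Returns {"known": [(relpath, digest), ...], "unknown": [...]}, sorted.
    A replaced (trojaned) binary shows up as "unknown" under a familiar
    name, which is exactly the case a rootkit check is after.
    """
    result = {"known": [], "unknown": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue  # hash link targets on their own, not the links
            digest = hash_file(full)
            rel = os.path.relpath(full, root)
            bucket = "known" if digest in known_good else "unknown"
            result[bucket].append((rel, digest))
    for entries in result.values():
        entries.sort()
    return result


# Constructed stand-ins for pristine vendor binaries (not real digests).
KNOWN_GOOD_CONTENT = {
    "ls": b"#!/bin/sh\necho pristine-ls\n",
    "ps": b"#!/bin/sh\necho pristine-ps\n",
}
KNOWN_GOOD = build_known_good(KNOWN_GOOD_CONTENT)


def demo():
    """Fake /bin: one pristine file, one replaced file, one unexpected file."""
    with tempfile.TemporaryDirectory() as root:
        Path(root, "ls").write_bytes(KNOWN_GOOD_CONTENT["ls"])
        Path(root, "ps").write_bytes(b"#!/bin/sh\nexec /tmp/.x/ps-hidden \"$@\"\n")
        Path(root, "kstat").write_bytes(b"unexpected binary\n")
        return classify_tree(root, KNOWN_GOOD)


if __name__ == "__main__":
    report = demo()
    for rel, digest in report["unknown"]:
        print(f"UNKNOWN  {digest}  {rel}")
    for rel, digest in report["known"]:
        print(f"known    {digest}  {rel}")
```

Running `demo()` reports `ls` as known and both `ps` (replaced) and `kstat` (not in the reference set) as unknown. Note that "unknown" only means "not in the reference set": a legitimately patched binary lands there too, so the list is a work queue for the analyst, not a verdict. SHA-1 is used because that is what the NSRL/HashKeeper sets of that era were keyed on; `hash_file` accepts any `hashlib` algorithm name.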

 

■ LKM-related material

 Solaris LKM/BSD LKM/Linux LKM

 http://www.thc.org/papers.php

 Knark analysis papers

 http://www.certcc.or.kr/paper/paper-2.htm
 http://www.securityfocus.com/guest/4871

 Runtime Kernel Patch

 http://phrack.org/phrack/58/p58-0x07

 Adore LKM

 http://www.team-teso.net/releases.php

 kstat

 http://s0ftpj.org/en/site.html

 carbonite

 http://www.foundstone.com

 

■ Log analysis and management

 Counterpane

 http://www.counterpane.com/log-analysis.html

 

■ Code analysis

 strace

 http://www.liacs.nl/~wichert/strace/

 ltrace

 http://packages.debian.org/stable/utils/ltrace.html

 fenris

 http://lcamtuf.coredump.cx/fenris/devel.shtml

 REC

 http://www.backerstreet.com/rec/rec.htm

 IDA Pro

 http://www.datarescue.com/idabase/ida.htm

 

 Part III: Windows compromised-system analysis

 ■ Disk duplication (imaging)

 EnCase  http://www.guidancesoftware.com/
 Safeback  http://www.forensics-intl.com/
 Ghost  http://www.symantec.co.kr
 TrueImage  http://www.acronis.com/products/trueimage/
 Windows dd  http://unxutils.sourceforge.net/
 http://fire.dmzs.com/
 VOGON Image  http://www.vogon-international.com
 Fastbloc  http://www.guidancesoftware.com

 netcat / cryptcat

 http://www.atstake.com/
 http://sourceforge.net/projects/cryptcat/
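Both this section and the Part II tool list (netcat, cryptcat, dd) come down to one procedure: copy the evidence disk sector by sector, do not stop at a bad sector, keep later data at its original offset, and record a hash of what was actually written so the image can be verified later. The block below is an added example of that procedure written for this page, not code from the original post or from dd, netcat or EnCase. `FaultyDevice` is a constructed stand-in for a block device with an unreadable sector; `BLOCK`, `SAMPLE_DATA` and `BAD_SECTORS` are assumptions chosen for the demonstration.

```python
"""dd-style imaging with conv=noerror,sync semantics plus hash verification.

Added example, not code from the original page or from dd/netcat/EnCase.
FaultyDevice is a constructed stand-in for a block device with unreadable
sectors; BLOCK, SAMPLE_DATA and BAD_SECTORS are assumptions.
"""
import hashlib
import os
import tempfile

BLOCK = 512  # sector-sized reads: one bad sector costs at most one block

# Constructed 2048-byte "disk" (four sectors); sector 2 will be unreadable.
SAMPLE_DATA = bytes(range(256)) * 8
BAD_SECTORS = [2]


class FaultyDevice:
    """Minimal read/seek/tell over bytes; reads of a bad sector raise EIO."""

    def __init__(self, data, bad_sectors):
        self.data, self.bad, self.pos = data, set(bad_sectors), 0

    def read(self, n):
        if self.pos >= len(self.data):
            return b""
        if self.pos // BLOCK in self.bad:
            raise OSError(5, "Input/output error")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += len(chunk)
        return chunk

    def seek(self, offset):
        self.pos = offset

    def tell(self):
        return self.pos


def image_device(dev, out):
    """Copy dev to out block by block.

    On a read error the block is replaced by NULs and the device position
    moved past it (dd's conv=noerror,sync), so later data keeps its offset.
    Short reads are padded the same way. Returns size, bad sectors and the
    SHA-256 of what was written (which differs from the source hash
    whenever a sector had to be zeroed, so keep the bad-sector list with it).
    """
    digest = hashlib.sha256()
    bad, total = [], 0
    while True:
        pos = dev.tell()
        try:
            chunk = dev.read(BLOCK)
        except OSError:
            bad.append(pos // BLOCK)
            dev.seek(pos + BLOCK)
            chunk = b"\x00" * BLOCK
        if not chunk:
            break
        if len(chunk) < BLOCK:
            chunk = chunk.ljust(BLOCK, b"\x00")
        out.write(chunk)
        digest.update(chunk)
        total += len(chunk)
    return {"bytes": total, "bad_sectors": bad, "sha256": digest.hexdigest()}


def verify_image(path, expected_sha256):
    """Re-hash the image file from disk; True only if it matches the record."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for piece in iter(lambda: f.read(1 << 16), b""):
            h.update(piece)
    return h.hexdigest() == expected_sha256


def demo():
    """Image the constructed device into a temp file and verify the copy."""
    with tempfile.NamedTemporaryFile(delete=False) as out:
        record = image_device(FaultyDevice(SAMPLE_DATA, BAD_SECTORS), out)
        path = out.name
    ok = verify_image(path, record["sha256"])
    with open(path, "rb") as f:
        image = f.read()
    os.unlink(path)
    return record, ok, image


if __name__ == "__main__":
    record, ok, _ = demo()
    print(record, "verified" if ok else "MISMATCH")
```

`demo()` produces a 2048-byte image whose third sector is all zeros, reports `bad_sectors == [2]`, and verifies against the recorded SHA-256. The same loop is what `dd if=/dev/sda conv=noerror,sync | nc host port` does across the wire; with cryptcat in place of nc the stream is encrypted, but the hash must still be taken on the receiving side from the bytes that landed on disk.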

 ■ Collecting information from the compromised system

 psinfo, uptime, loggedon, pslist, listdlls, handle, streams  http://www.sysinternals.com
 fport/vision, sfind  http://www.foundstone.com
 promiscdetect  http://ntsecurity.nu/toolbox/promiscdetect
 listmodules, LNS  http://www.ntsecurity.nu/

 ■ Initial response automation tools

 Biatchux  http://biatchux.dmzs.com/

 IRCR

 http://packetstormsecurity.nl/Win/IRCR.zip

 ■ File analysis

 fs

 http://protools.anticrack.de/files/utilities/fs.zip
 SECRETS  http://www.invisiblesecrets.com
 EnCase  http://www.guidancesoftware.com
 FTK  http://www.accessdata.com
 bintext  http://www.foundstone.com

 ■ NT rootkits

 How NT rootkits work  http://www.phrack.org/show.php?p=55&a=5
 NT hook programming  http://www.iamaphex.cjb.net
 NT hook API  http://www.anticracking.sk/elicz
 HookTool  http://www.ivosoft.com/
 Windows API protection program  http://www.watchguard.co.kr/slock.htm

 ■ Disk analysis

 Disk explorer  http://www.restorer2000.com
 http://www.runtime.org/
 Floppy/hard disk analysis  http://home.ahnlab.com/securityinfo
 Seagate disk utilities  http://www.seagate.com/support/software
 Maxtor disk utilities  http://www.maxtor.com/en/index.htm
 SAMSUNG disk utilities  http://www.sec.co.kr
 Slack space search program (NTI)  http://www.secure-data.com

 ■ Memory dumps

 Windows NT memory dumps  http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q235496&
 Windows 2000/xp/2003  memory dumps  http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q254649&
 Windows Debugging Tools  http://www.microsoft.com/whdc/ddk/debugging/default.mspx
 pmdump  http://ntsecurity.nu/toolbox/pmdump

 ■ Timeline analysis

 Wininterrogate  http://winfingerprint.sourceforge.net
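A timeline is built by taking every file's modification, access and change (and, where the OS exposes it, birth) times, flattening them into one record per timestamp, and sorting; this is what The Sleuth Kit's fls/mactime pair (listed under Part II) does with its "bodyfile", and what Wininterrogate collects on Windows. The following is an added example written for this page, not code from the original post, Sleuthkit or Wininterrogate. The directory tree and its timestamps are constructed inline; ctime cannot be set from user space, so the 'c' entries carry the time this script created the files, which is why they sort last.

```python
"""MAC-time timeline in The Sleuth Kit's bodyfile/mactime spirit.

Added example, not code from the original page, Sleuthkit or Wininterrogate.
The directory tree and its timestamps are constructed inline; ctime cannot
be set from user space, so the 'c' entries carry the time the files were
created by this script.
"""
import os
import tempfile
from pathlib import Path

# Constructed timestamps (UTC epoch seconds).
T_LS_MODIFIED = 1236000000   # 2009-03-02: ls last modified
T_BACKDOOR = 1236100000      # 2009-03-03: hidden ps dropped and run
T_LS_ACCESSED = 1236238260   # 2009-03-05: ls last executed/read


def collect_mac(root):
    """One record per regular file: path relative to root and its MAC times."""
    records = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            st = os.lstat(full)
            rec = {
                "path": os.path.relpath(full, root).replace(os.sep, "/"),
                "m": int(st.st_mtime),
                "a": int(st.st_atime),
                "c": int(st.st_ctime),
            }
            birth = getattr(st, "st_birthtime", None)  # only on some OSes
            if birth is not None:
                rec["b"] = int(birth)
            records.append(rec)
    return records


def timeline(records):
    """Flatten to (time, 'macb' mask, path), one line per distinct time.

    Timestamps that coincide for a file are merged into one mask, as
    mactime does ('ma..' = modified and accessed at the same second).
    """
    merged = {}
    for rec in records:
        for kind in "macb":
            if kind in rec:
                merged.setdefault((rec[kind], rec["path"]), set()).add(kind)
    lines = []
    for (t, path), kinds in sorted(merged.items()):
        mask = "".join(k if k in kinds else "." for k in "macb")
        lines.append((t, mask, path))
    return lines


def demo():
    """Build the constructed tree, stamp it, and return the timeline."""
    with tempfile.TemporaryDirectory() as root:
        ls = Path(root, "bin", "ls")
        hidden = Path(root, ".x", "ps-hidden")
        for p in (ls, hidden):
            p.parent.mkdir(parents=True)
            p.write_bytes(b"#!/bin/sh\n")
        os.utime(ls, (T_LS_ACCESSED, T_LS_MODIFIED))   # (atime, mtime)
        os.utime(hidden, (T_BACKDOOR, T_BACKDOOR))
        return timeline(collect_mac(root))


if __name__ == "__main__":
    for t, mask, path in demo():
        print(t, mask, path)
```

The first three lines of the output read: `ls` modified on 03-02, the hidden `ps-hidden` written and accessed at the same second on 03-03, then `ls` read on 03-05. The point of merging is the ordering it exposes: a binary whose mtime is older than the files around it but whose ctime is recent is the classic sign of a timestamp-reset trojan (`touch -r`), because ctime cannot be faked without writing to the raw device.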

 

 

 ■ File recovery

 Recycle Bin folder analysis (Rifiuti)  http://sourceforge.net/projects/odessa
 File recovery (Undelete)  http://www.execsoft.com/undelete
 GetDataBack  http://www.runtime.org
 File Recover  http://www.filerecover.com

 ■ Temporary file analysis

 Cache Auditor  http://www.webknacks.com
 PurgeIE Pro  http://www.purgeie.com
 History Reader  http://www.wbaudisch.de/HistoryReader.htm
 IE Cookie File, IE Internet Activity  http://sourceforge.net/project/odessa
 Examiner  http://www.paraben-forensics.com/examiner.html

 ■ Log file analysis

 NT Security Event IDs  http://support.microsoft.com/default.aspx?scid=kb;en-us:174074  --> x
 Event ID lookup  http://www.eventid.net
 Windows 2000 Event IDs  http://www.microsoft.com/korea/windows2000/techinfo/messages/default.asp
 EventCombMT  http://www.microsoft.com/downloads/release.asp?releaseid=36834
 Event log monitoring  http://www.tntsoftware.com
 Remote event log collection  http://www.kiwisyslog.com/
 http://www.rippletech.com
 Log Parser  http://www.microsoft.com/windows2000/downloads/tools/default.asp
 Web server attack log checking  http://www.securitymap.net/sdm/docs/ids/fingerprint-80-attack.txt
 Log Parser  http://securityfocus.com/infocus/1712
 SQL injection attack analysis  http://www.nextgenss.com/papers/advanced_sql_injection.pdf
 http://www.spidynamics.com/whitepapers/WhitepaperSQLInjection.pdf
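The last three entries (web server attack log checking, SQL injection analysis) describe reading a web server's access log for the request strings attackers leave behind. The block below is an added example of that check written for this page; it is not code from the original post or from the linked papers. The log excerpt is constructed, and the indicator patterns cover only the classic cases (UNION SELECT, `' OR 'a'='a`, xp_cmdshell, and `..%c0%af..` / `..%255c..` traversal against cmd.exe) as a starting point, not a complete signature set.

```python
"""Web server attack-log check: SQL injection and directory-traversal
indicators in Apache-style access log lines.

Added example, not code from the original page or the linked papers. The
log lines are constructed; the indicator patterns cover the classic cases
and are a starting point, not a complete signature set.
"""
import re
from urllib.parse import unquote

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/\d\.\d" (?P<status>\d{3})'
)

# Overlong UTF-8 for '/' and '\' that IIS once decoded after its path check.
OVERLONG_RE = re.compile(r"%c0%af|%c1%9c|%c1%1c", re.IGNORECASE)
TRAVERSAL_RE = re.compile(r"\.\.[\\/]|cmd\.exe|/bin/sh", re.IGNORECASE)
SQLI_RE = re.compile(
    r"union\s+(all\s+)?select"             # UNION-based extraction
    r"|'\s*(or|and)\s+\S+\s*=\s*\S+"       # tautology after a closed quote
    r"|xp_cmdshell|;\s*(exec|shutdown)\b"  # MSSQL stacked queries
    r"|waitfor\s+delay",                   # time-based blind probe
    re.IGNORECASE,
)


def decode_target(target, rounds=2):
    """Percent-decode repeatedly so double-encoded (%255c) payloads surface."""
    for _ in range(rounds):
        decoded = unquote(target, errors="replace")
        if decoded == target:
            break
        target = decoded
    return target


def classify_target(raw_target):
    """Return 'traversal', 'sqli' or None for one request target.

    Overlong sequences are matched on the raw string because a UTF-8
    decoder turns them into replacement characters, not into '/'.
    """
    decoded = decode_target(raw_target)
    if OVERLONG_RE.search(raw_target) or TRAVERSAL_RE.search(decoded):
        return "traversal"
    if SQLI_RE.search(decoded):
        return "sqli"
    return None


def scan_log(lines):
    """Return (line number, client IP, category, decoded target) per hit."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; a real run should count these too
        category = classify_target(m["target"])
        if category:
            hits.append((lineno, m["ip"], category, decode_target(m["target"])))
    return hits


# Constructed access-log excerpt (Apache combined format).
SAMPLE_LOG = [
    '10.0.0.5 - - [05/Mar/2009:15:51:02 +0900] "GET /index.asp?id=1 HTTP/1.1" 200 5120 "-" "Mozilla/4.0"',
    '10.0.0.9 - - [05/Mar/2009:15:52:10 +0900] "GET /index.asp?id=1\'%20UNION%20SELECT%20name,password%20FROM%20users-- HTTP/1.1" 500 311 "-" "Mozilla/4.0"',
    '10.0.0.9 - - [05/Mar/2009:15:53:44 +0900] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 200 1440 "-" "-"',
    '10.0.0.12 - - [05/Mar/2009:15:54:01 +0900] "GET /login.asp?user=admin\'%20OR%20\'a\'=\'a HTTP/1.1" 200 2200 "-" "Mozilla/4.0"',
    '10.0.0.9 - - [05/Mar/2009:15:55:30 +0900] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 200 1440 "-" "-"',
    '10.0.0.7 - - [05/Mar/2009:15:56:00 +0900] "GET /docs/union-station.html HTTP/1.1" 200 4000 "-" "Mozilla/4.0"',
]


def demo():
    return scan_log(SAMPLE_LOG)


if __name__ == "__main__":
    for lineno, ip, category, target in demo():
        print(f"line {lineno}  {ip:<10} {category:<9} {target}")
```

Lines 2 and 4 are flagged as SQL injection, lines 3 and 5 as traversal (the `%255c` case only surfaces after the second decode round), and lines 1 and 6 stay clean, the last one on purpose: "union" alone in a path is not an indicator, the pattern needs the `SELECT` after it. Status codes are kept in the parse because a 500 after a quoted payload (line 2) is the usual first sign that the injection reached the database, whereas a 200 (line 4) suggests the tautology logged the attacker in.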

 ■ Binary program analysis

 Filemon, Regmon,  CPUmon, TDImon,  procexp, strings  http://www.sysinternals.com
 Winalysis  http://www.winalysis.com
 strace  http://razor.bindview.com/tools
 Tripwire  http://www.tripwire.com
 Undelete 3.0  http://www.execsoft.com/undelete
 INTACT  http://www.pedestalsoftware.com
 API Spy  http://www.matcode.com/apis32.htm
 SoftICE  http://www.numega.com/
 PE File Format  http://spiff.tripnet.se/~iczelion/files/pe1.zip
 
http://www.windowsitlibrary.com/Content/356/11/toc.html
 PEiD  http://www.mesa-sys.com/~snaker/peid
 UPX  http://upx.sourceforge.net
 gt030  http://surf.to/phax
 fd/fi FileScanner  http://protools.anticrack.de/files/utilities/fd.zip
 http://protools.anticrack.de/files/utilities/fi.zip
 Programmer’s Tools  http://protools.cjb.net/
 IDA Pro  http://www.datarescue.com/idabase/ida.htm
 PE Explorer  http://www.heaventools.com

 ■ Password cracking

 @stake LC  http://www.atstake.com/
 John the Ripper  http://www.openwall.com/john/
 chntpw  http://ntpass.blaa.net
 rawwrite2  http://home.eunet.no/~pnordahl/ntpasswd
 Password recovery project  http://www.openwall.com/passwords
 ELCOMSOFT  http://www.crackpassword.com
 Russian password crackers  http://www.password-crackers.com
 Passware Kit  http://www.lostpassword.com
 AccessData  http://www.accessdata.com
 PasswordService  http://www.passwordservice.com

 

Part IV: Attacker monitoring

 ■ Network monitoring

 TCPDump

 http://www.tcpdump.org
 http://windump.polito.it

 tcpflow

 http://www.circlemud.org/~jelson/software/tcpflow/

 ngrep

 http://www.packetfactory.net/Projects/ngrep

 ethereal

 http://www.ethereal.com

 snort

 http://www.snort.org

 p0f

 http://www.stearns.org/p0f/

 dsniff

 http://monkey.org/~dugsong/dsniff/

 ■ System monitoring

 sebek

 http://www.honeynet.org/papers/honeynet/tools/index.html

 ComLog

 http://iquebec.ifrance.com/securit/

 evtsys

 https://engineering.purdue.edu/ECN/Resources/Documents/UNIX/evtsys

 Remote event log collection

 http://www.kiwisyslog.com/

 ■ Honeynet/Honeypot

 Honeynet.Org

 http://www.honeynet.org

 backofficer

 http://www.nfr.com/resource/backOfficer.php

 Deception Toolkit

 http://all.net/dtk/index.html

 Honeyd

 http://www.citi.umich.edu/u/provos/honeyd/

 Tracking Hackers

 http://www.tracking-hackers.com/

 Honeypots.net

 http://www.honeypots.net/

 Bridge firewall

 http://doc.kldp.org/wiki.php/DocbookSgml/Bridge_Firewall-KLDP

 Firewall material

 http://doc.kldp.org/wiki.php/LinuxdocSgml/Firewall-HOWTO

 Netfilter

 http://doc.kldp.org/wiki.php/DocbookSgml/Netfilter-hacking-TRANS

 Firewall configuration script (rc.firewall)

 http://www.honeynet.org/papers/gen2/rc.firewall

 Vmware

 http://www.vmware.com/products/

 UML

 http://user-mode-linux.sourceforge.net/

 

Part V: Attacker tracing and response

 samspade

 http://www.samspade.org/ssw/

 ARIN

 http://www.arin.net/index.html

 APNIC

 http://www.apnic.net/apnic-bin/whois.pl

 RIPE

 http://www.ripe.net/perl/whois

 LACNIC

 http://lacnic.net/cgi-bin/lacnic/whois

 KRNIC

 http://whois.nic.or.kr/

 E-mail Environment Improvement Council

 http://www.antispam.or.kr/

 Network Abuse Clearinghouse

 http://www.abuse.net/

 Fight Spam

 http://spam.abuse.net/

 Spamcop

 http://www.spamcop.net/

 Mail Abuse Prevention System

 http://mail-abuse.org/  


  1. SysAnalyzer (2009.08.07 17:45)

    SysAnalyzer
    http://labs.idefense.com/

  2. AccessData (2011.11.12 10:47)

    AccessData Forensic Toolkit FTK 3, FTK Imager
    Cisco Packet Tracer
    Cygwin
    WinHex
    Hex Workshop 3.1
    IBM SPSS Statistics
    EnCase v6.18

  3. WORM9 (2020.04.07 16:26)

    WORM9.EXE.