From: H C [keydet89@YAHOO.COM]
Sent: Thursday, October 18, 2001 9:10 PM
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Subject: Some NT/2K tools of interest

I just wanted to point out some new tools I've made available, and a project I've been working on.

First, at:
http://patriot.net/~carvdawg/perl.html

Sniffer.pl
This is an alternative tool to detect the possibility of sniffers on NT/2K. It works by querying the system for the device drivers, and as it enumerates through, it looks for 'packet.sys'. If it finds it, the tool will return the state of the driver. Packet.sys is the winpcap device driver, used by snort, windump, Ethereal, and even L0phtcrack3.

Hasher.pl
This is a GUI-based tool that allows the user to select a file, and will return the MD5 and SHA1 hashes for the file. The GUI was requested, and it's Tk-based.

Also of interest may be the Forensics Server Project:
http://patriot.net/~carvdawg/fsproj.html

This is a framework I've been working on to automate the collection, hashing, and documentation of data during 'live' forensics investigations. The Forensics Server Project is meant to be an alternative to repeatedly opening netcat listeners and connections, hashing the resultant files, and then documenting the action by hand. The Project is initially intended for volatile data, but non-volatile data can also be retrieved, as in during a 'live' forensics investigation.

Thanks. Comments always welcome.

Carv
keydet89@yahoo.com
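The collect, hash and document loop the post describes for the Forensics Server Project, as an added Python example that is not part of the original post and not the project's code. The function names, the JSON log format and the sample data are assumptions made for illustration.

```python
import hashlib, io, json, os, tempfile
from datetime import datetime, timezone

CHUNK = 64 * 1024
# Constructed sample: stands in for command output sent from the examined host.
SAMPLE = b"Proto  Local Address   State\nTCP    0.0.0.0:135     LISTENING\n"

def ingest(stream, name, evidence_dir, log_path, source="unknown"):
    """Store one incoming item, hashing it while it is written, then log it."""
    md5, sha1, size = hashlib.md5(), hashlib.sha1(), 0
    dest = os.path.join(evidence_dir, os.path.basename(name))  # drop sender-supplied dirs
    with open(dest, "xb") as out:  # 'x' refuses to overwrite earlier evidence
        for chunk in iter(lambda: stream.read(CHUNK), b""):
            md5.update(chunk)
            sha1.update(chunk)
            out.write(chunk)
            size += len(chunk)
    entry = {"time": datetime.now(timezone.utc).isoformat(), "source": source,
             "file": os.path.basename(dest), "size": size,
             "md5": md5.hexdigest(), "sha1": sha1.hexdigest()}
    with open(log_path, "a", encoding="utf-8") as log:  # append-only case log
        log.write(json.dumps(entry) + "\n")
    return entry

def verify(evidence_dir, log_path):
    """Re-hash every logged file; return names that are missing or changed."""
    bad = []
    with open(log_path, encoding="utf-8") as log:
        for line in log:
            e = json.loads(line)
            path = os.path.join(evidence_dir, e["file"])
            digest = None  # stays None when the file has disappeared
            if os.path.isfile(path):
                sha1 = hashlib.sha1()
                with open(path, "rb") as f:
                    for chunk in iter(lambda: f.read(CHUNK), b""):
                        sha1.update(chunk)
                digest = sha1.hexdigest()
            if digest != e["sha1"]:
                bad.append(e["file"])
    return bad

def demo():
    """Ingest the sample, verify it, then alter the stored copy and verify again."""
    work = tempfile.mkdtemp()
    log = os.path.join(work, "case.log")
    entry = ingest(io.BytesIO(SAMPLE), "netstat.txt", work, log, source="host-A")
    clean = verify(work, log)
    with open(os.path.join(work, "netstat.txt"), "ab") as f:
        f.write(b"tampered")
    return entry, clean, verify(work, log)
```

`ingest` accepts any binary file-like object, so the object returned by `socket.makefile("rb")` on an accepted connection can be passed in place of the `BytesIO` used here.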