The Coroner's Toolkit (TCT)

Not Rated

Description

The Coroner's Toolkit (TCT) is a collection of programs by Dan Farmer and Wietse Venema for a post-mortem analysis of a UNIX system after a break-in. TCT enables you to collect date regarding deleted files, modification times of files and more.

Install this BEFORE you need to use it, so you don't risk destroying essential forensic data before you begin.

Tools contained within this package: grave-robber, lazarus, inode-cat (ex icat), ils, unrm and pcat.

Home Page: http://www.porcupine.org/forensics/tct.html

Interface: Command Line

Associated Programs

acct	The GNU Accounting utilities for process and login accounting
File	Determines file type using magic numbers
lsof	List open files
Perl	Larry Wall's Practical Extraction and Report Language
TimeOut	Run a command with a time limit.

Available deb Repositories (how-to add a respository)

Debian	32-bit	64-bit
sarge	1.11-6.1
etch	1.11-6.3	1.11-6.3
lenny	1.11-6.4
sid	1.11-6.5	1.11-6.5

Ubuntu	32-bit	64-bit
dapper	1.11-6.2	1.11-6.2
edgy	1.11-6.2	1.11-6.2
feisty	1.11-6.3	1.11-6.3
gutsy	1.11-6.3	1.11-6.3
hardy	1.11-6.3	1.11-6.3

Install Now (what is this?)

Rating: Not Rated (0 votes)

Upload Screenshots

Images must be in GIF, JPG, or PNG formats and can be no larger than 2 MB. Only one file can be uploaded at a time. A description can be included, but it is optional.

Submit Web Links

Submit the title and link (including http://) to an article pertaining to The Coroner's Toolkit (TCT) and it will appear in the Web Links section of the right banner. Contact us here if an entry needs to be removed.

Linux App Finder

User login

Categories

Day's Most Viewed

Recent blog posts

Learn More

Who's online

Subscribe

The Coroner's Toolkit (TCT)

Write a Review

Advertisement

Web Links

Recent comments

Active forum topics