TCT is a collection of programs by Dan Farmer and Wietse Venema for a
post-mortem analysis of a UNIX system after break-in.

Notable TCT components are the grave-robber tool that captures
information, the ils and mactime tools that display access patterns of
files dead or alive, the unrm and lazarus tools that recover deleted
files, and the findkey tool that recovers cryptographic keys from a
running process or from files.

WARNING

This software is not for the faint of heart. It is relatively
unpolished compared to the software that Dan and Wietse usually
release. TCT can spend a lot of time collecting data. And although
TCT collects lots of data, many analysis tools still need to be
written.