[clug] Simple computer forensics?

Ben shadroth at gmail.com
Thu Oct 13 15:14:18 GMT 2005


>A friend just called, they need a (windows) PC
>vetted for keyloggers and other malware.
>Anyone out there do simple forensics commercially?

Spybot S&D works wonders, I use it regularly.
Ad-Aware SE is great, but it hasn't found anything for me that Spybot
didn't pick up.

I use (and resell) Grisoft's AVG. It's the best (and cheapest) I've
ever found. RRP ~$35USD for 2 years. There's a free 30 day trial, and
a straight up free version, except it won't auto update, auto check,
or scan incoming and outgoing email.

> Know a good dd command to clone a disk?
> (Don't know if it's FAT or NTFS)

www.ultimatebootcd.com is free and full of tools you may find useful,
the full version (also free) comes with INSERT linux.

> Can a suspect windows PC
> be comprehensively checked for malware,
> or is re-building the only sure path?

Malware from the ground up, unfortunately :P

Spybot S&D, AVG usually do alright.

I've had a client using that, but something slipped through. The
nasty part got squashed by AVG on every reboot, but it kept
respawning. I needed a combination of tweaking with "regedit" and
"msconfig" to kill it for good.

Ben
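The thread asks for a dd command to clone the suspect disk before anyone pokes at it, but no one posts one. The script below is an added example, not part of the original message or the tools it names: it images a source with dd the way a forensic acquisition would (reading past bad sectors, padding them so offsets stay aligned) and then proves the copy is faithful by hashing both source and image. It assumes GNU coreutils (dd, sha256sum) and POSIX sh, and the sample "disk" is a constructed file so it runs offline without touching a real device.

```shell
#!/bin/sh
# Added example (not from the original post): forensic-style disk imaging with
# dd, followed by hash verification of the copy. Assumes GNU coreutils on a
# Linux live environment; the sample "disk" below is a constructed file.

# Image a block device (or file) sector-for-sector. conv=noerror,sync keeps
# going past read errors and zero-pads bad blocks so image offsets still line
# up with the source. On a real machine boot from a live CD, run as root, and
# never mount the suspect disk read-write (e.g. if=/dev/sda of=/mnt/usb/sda.dd).
image_disk() {
    src="$1"; out="$2"
    dd if="$src" of="$out" bs=4096 conv=noerror,sync 2>/dev/null
}

# Print the SHA-256 of a file (first field of sha256sum output).
hash_file() {
    sha256sum "$1" | cut -d' ' -f1
}

# Return 0 if source and image hash identically, 1 otherwise. Record both
# hashes alongside the image so later analysis can be shown to have worked
# on an unmodified copy.
verify_image() {
    src_hash=$(hash_file "$1")
    img_hash=$(hash_file "$2")
    [ -n "$src_hash" ] && [ "$src_hash" = "$img_hash" ]
}

# Build a constructed 32 KiB sample "disk" (a whole number of 4096-byte
# blocks, so conv=sync adds no padding, just as a real device is a whole
# number of sectors), image it, and verify. Returns 0 on a verified copy.
demo_image() {
    work=$(mktemp -d)
    src="$work/sample.disk"; img="$work/sample.dd"
    dd if=/dev/urandom of="$src" bs=4096 count=8 2>/dev/null
    image_disk "$src" "$img" && verify_image "$src" "$img"
    rc=$?
    rm -rf "$work"
    return $rc
}

demo_image && echo "image verified: source and copy hash identically"
```

The block size only affects speed, not the result; the hash step is what matters, since a clone you cannot show to be bit-identical is of little use once the original machine has been rebuilt.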

