Forensic Toolkit 2.0

Developer: Foundstone
Size: 0.33 MB
Operating System: Windows All
License: Freeware
Category: Hard Disk Utilities

The Forensic ToolKit contains several Win32 command-line tools that can help you examine the files on an NTFS disk partition for unauthorized activity. We built these tools to help us do our job; we hope they can help you as well. It is the only tool that lists files by their last access time without tampering with the data the way that right-clicking on file properties in Explorer will. AFind allows you to search for access times between certain time frames; coordinating this with logon info provided from ntlast, you can begin to determine user activity even if file logging has not been enabled.

Command Line Switches

afind [dir] /f [filename] /ns=no subs /a after /b before /m between
time format =

hfind [dir] /hd=find dir/system attribs /ns=no subs

sfind [dir] /ns=no subs

filestat [filename]

hunt [\servername]

System Requirements

* Windows NT 4.0 SP3
* 16MB Memory
* Administrator privileges
* Audit log enabled with searchable records
* Set NT command line buffer to 500 or more lines. 1200 or more lines works well