
Orion Incident Response Live CD 4

16. Conclusion

BackTrack is a very successful Live CD for penetration testers. Although many information security professionals keep BackTrack in their toolkit, it does not provide the tools needed by security incident responders. Orion is an attempt to leverage the things that make BackTrack successful -- such as an easy to use and install distribution, a comfortable user interface, and an exemplary collection of tools -- and add the capabilities needed by incident response teams. Those include team communication, collaboration, and case tracking tools. Orion provides those as well as acquisition, awareness, and analysis software. Custom wrapper scripts tie these tools together. Finally, some report templates and even report writing tools are included to help the team report in a thorough and consistent manner.


John Jarocki, john.jarocki@gmail.com
