FTimes is a system baselining and evidence collection tool. Its primary purpose is to gather and/or develop topographical information and attributes about specified directories and files in a manner conducive to intrusion and forensic analysis. It was designed to support the following initiatives: content integrity monitoring, incident response, intrusion analysis, and computer forensics.
The KoreLogic Expression Language Library (libklel) is a C library that provides a simple expression language that can be embedded in other programs. It does not implement a full programming language, but rather a simpler expression language called KL-EL that is designed to provide arithmetic and logic operations in situations where embedding a full programming language would be overkill. KL-EL can access functions and variables exported from the embedding program, and is statically and strongly typed, which helps ensure that expressions are valid before they are executed. The embedding API is easy to use, and the library itself is very small.
WebJob downloads a program over HTTP/HTTPS and executes it in one unified operation. The output, if any, may be directed to stdout/stderr or a WebJob server. WebJob may be useful in incident response and intrusion analysis as it provides a mechanism to run known good diagnostic programs on a potentially compromised system. WebJob also provides a framework that is conducive to centralized management. Therefore, it can support and help automate a large number of common administrative tasks and host-based monitoring scenarios.
Re: please contact me > Klayton, > > Can you please contact me as I have some > questions as to whether I can use ftimes > to extract some files off my drives that >...