etch  ] [  etch-m68k  ] [  lenny  ] [  squeeze  ] [  sid  ]
[ Source: tct  ]

Package: tct (1.11-6.3)

Forensics related utilities.

The Coroner's Toolkit (TCT) is a collection of programs by Dan Farmer and Wietse Venema for a post-mortem analysis of a UNIX system after a break-in. TCT enables you to collect date regarding deleted files, modification times of files and more.

Install this BEFORE you need to use it, so you don't risk destroying essential forensic data before you begin.

Tools contained within this package: grave-robber, lazarus, inode-cat (ex icat), ils, unrm and pcat.

Tags: User Interface: Command Line, Role: Program, Scope: Utility, Security: Forensics, Intrusion Detection

Other Packages Related to tct

  • depends
  • recommends
  • suggests
  • dep: file
    Determines file type using "magic" numbers
  • dep: libc6 (>= 2.3.5-1)
    GNU C Library: Shared libraries
  • dep: libdate-manip-perl
    a perl library for manipulating dates
  • dep: perl
    Larry Wall's Practical Extraction and Report Language
  • dep: timeout
    Run a command with a time limit.
  • rec: lsof
    List open files
  • sug: acct
    The GNU Accounting utilities for process and login accounting

Download tct

Download for all available architectures
Architecture Package Size Installed Size Files
m68k 146.3 kB572 kB [list of files]