Forensics Tools for AD
Joachim Metz and Csaba Barta have written excellent tools for the forensics analysis and offline security assessment of the Windows Active directory.
Joachim Mertz
has written a lot of libraries to handle various file formats with a forensic analysis in mind libesedb and his other projects on SourceForge and Google CodeCsaba Barta
is using the export of the ds database from libesedb and is doing excellent work in parsing the data and be able to perform offline queries and exports of data with his framework ntdsxtract. Here is the excellent white paper about NTDS.DIT
No comments:
Post a Comment