About OIT About the OIT
Directories Directories
Connect to Network Connect to Network
Network Services Network Services
Security IT Security
Voice Services Voice Services
Cable TV Cable Television
Computing Computing
Information Resources Information Resources
Committees IT Committees
Jobs IT Jobs at UCSB
 
spacer spacer
spacer Office of Information Technology  
spacer
spacer
           
spacer
spacer
spacer view site index contact OIT staff
spacer
spacer
  OIT Home > Security > Recover from an Intrusion
spacer spacer
 

Recover from an Intrusion
 

Detect an Intruder or System Compromise

Forensic Analysis Tools

  • chkrootkit: Locally checks for signs of a rootkit.
  • find_ddos: A Denial-of-Service attack program finder.
  • fport: Tool for mapping unknown open ports to their associated applications on Windows systems.
  • TCPView: An application that lets you monitor TCP and UDP activity on your local system. It is the most powerful tool available for tracking down network-related configuration problems and analyzing application network usage.
  • The Coroner's Toolkit: (TCT) for UNIX and Linux Systems
  • Vision: The GUI successor to fport.
  • SecCheck: A Windows forensic tool which aids in the detection and removal of malicious applications, back doors, trojans, worms, and viruses that may be unknowingly installed.

Recover from a System Compromise

ETA
  spacer
spacer University of California Santa Barbara Home Page
  Copyright © 2003-2024 The Regents of the University of California, All Rights Reserved
Web contactTerms of UseAccessibility
Last modified: 1/3/2011
  spacer