Ok everyone, here’s your chance to comment, make yourself heard, voice an opinion, tell me I don’t know what the heck I’m talking about.
The question:
Using as little money as possible, assemble a list of tools (software, hardware, wetware or other) which would serve the needs of a CSIRT in time of crisis.
Let’s call the time limit for responses Thursday, November 29th 2007 at 19:00 EST. At that point, I’ll summarize and wrap up.
For my picks, please see comments below.
Software: Backtrack and Helix
Hardware: Leatherman Wave and USB/IDE writeblocker
Wetware: NIST 800-61
Backtrack: http://www.remote-exploit.org/backtrack.html
Helix: http://www.e-fense.com/helix/
Leatherman Wave: http://www.leatherman.com/products/tools/wave/default.asp
USB/IDE writeblocker: http://www.forensicpc.com/proddetail.asp?prod=T8&cat=38 (with a pair of WEIBE usb->IDE – ATA and SATA cards)
NIST 800-61: http://csrc.nist.gov/publications/nistpubs/800-61/sp800-61.pdf
Don’t forget
Sanityware: industrial sized jar of extra strength Advil.