Tuesday, March 29, 2005

FTimes

<a href="http://ftimes.sourceforge.net/FTimes/FTimes+in
+Action/IntrusionAnalysis.shtml">FTimes is a forensics tool for
working with alternate data streams (ADS). It's drawback is that it
depends on the local OS. In other words, if the kernel is compromised,
it may not see certain ADSs.