Evidence Collector in no more maintain by Security-Database. We just let it here for informations and history.
Description
Evidence Collector is a free forensics program used to manage other utilities to collect useful information you may need to investigate on some IT Incidents.
Features
- System information : Get owner, IP, MAC address before going through forensics.
- Shares and policies applied on shares : very handy to detect if someone gets into computer from opened shares.
- Started and stopped services : Some services could be a wide opened doors to get unauthorized accesses.
- Installed softwares : Unwanted softwares could be installed without your knowledge. See what inside your computer
- Installed Hotfixes : Enumerating installed hotfixes. Note that a missed critical patch is a potential exploitable vulnerability.
- Enumerated Processes : List whole processes starting on system.
- Events logs : Application, system and security events logs are collected. Events logs keep traces of what happened to system.
- TCP / UDP mapping endpoints : See what hidden behind TCP / UDP ports. Generally, most of remote administration tools and trojans don't hide their activities.
- Process handles tracking : See what processes did when started. From accessing Registry keys to writing into files. Useful to see if evil activities are not disguised behind some processes.
- List start-up programs : When rebooting computers, many evil programs stick into registry keys in order to be reloaded again.
- Suspected modules : Scanning modules to see if they are rootkitted.
- USB history : Reveals if any USB key has been plugged into system.
- Users policies : Collecting users and their policy. You can easily identify any unknown user.
- And more...
