[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Full-disclosure] Microsoft GhostBuster Opinions
- To: "Dave King" <davefd@xxxxxxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxxx>
- Subject: RE: [Full-disclosure] Microsoft GhostBuster Opinions
- From: "Todd Towles" <toddtowles@xxxxxxxxxxxxxxx>
- Date: Fri, 18 Mar 2005 11:14:35 -0600
Dan wrote:
> I agree that that this can be done currently with open
> source (or at least free) tools currently. Basically what
> GhostBuster was meant to do as far as I can tell, was to
> simply automate currently available tools.
> With Linux it would be simple to come up with a complety open
> source solution that would work great and could be easily
> downloaded as an ISO. I suppose this may be possible with
> Knoppix, but the whole captive needing to find an NTFS driver
> thing kind of slows the whole thing down. It seems that the
> best solution for a Windows tool would be to create a BartPE
> plugin that would do the trick.
Yep, BartPE plug-in would be sweet. Microsoft has a free file MD5 hash
tool (http://support.microsoft.com/default.aspx?scid=kb;en-us;841290)
that can be used to build MD5 hashes for the whole directory. Just need
to write a BAT that takes a input Hash listing ( on-line ditry version)
and compares it to the new hash listing (off-line clean version). Just a
idea.
Maybe this is what Microsoft is creating, just hiding all these steps in
a new free tool - which is made of current free tools. Don't know.
-Todd
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://www.secunia.com/