http://www.foundstone.com/us/resources/proddesc/forensictoolkit.htm
hfind and sfind can be used to find hidden files and alternate stream files.
http://technet.microsoft.com/en-us/sysinternals/bb897440.aspx
Streams.exe can find alternate data streams.
No comments:
Post a Comment