FTimes 3.10.0

FTimes is a system baselining and evidence collection tool.

What's new in FTimes 3.10.0:

  • The code was cleaned up and refined as necessary.
  • Several bugs have been fixed.
  • This release includes updated support for file hooks and introduces KL-EL-based XMagic.
  • Consequently, the minimum required version of libklel has been raised to 1.1.0, which has a library version of 2:0:1.
LICENSE TYPE:
GPL (GNU General Public License) 
DEVELOPED BY:
The FTimes Project Team
HOMEPAGE:
ftimes.sourceforge.net
CATEGORY:
ROOT \ System \ Monitoring
FTimes is a system baselining and evidence collection tool. FTimes's primary purpose is to gather and/or develop information about specified directories and files in a manner conducive to intrusion analysis.

FTimes is a lightweight tool in the sense that it doesn't need to be "installed" on a given system to work on that system; it is small enough to fit on a single floppy, and it provides only a command line interface.

Preserving records of all activity that occurs during a snapshot is important for intrusion analysis and evidence admissibility. For this reason, FTimes was designed to log four types of information: configuration settings, progress indicators, metrics, and errors. Output produced by FTimes is delimited text, and therefore, is easily assimilated by a wide variety of existing tools.

FTimes basically implements two general capabilities: file topography and string search. File topography is the process of mapping key attributes of directories and files on a given file system. String search is the process of digging through directories and files on a given file system while looking for a specific sequence of bytes. Respectively, these capabilities are referred to as map mode and dig mode.

FTimes supports two operating environments: workbench and client-server. In the workbench environment, the operator uses FTimes to do things such as examine evidence (e.g., a disk image or files from a compromised system), analyze snapshots for change, search for files that have specific attributes, verify file integrity, and so on. In the client-server environment, the focus shifts from what the operator can do locally to how the operator can efficiently monitor, manage, and aggregate snapshot data for many hosts. In the client-server environment, the primary goal is to move collected data from the host to a centralized system, known as an Integrity Server, in a secure and authenticated fashion. An Integrity Server is a hardened system that has been configured to handle FTimes GET, PING, and PUT HTTP/S requests.

The FTimes distribution contains a script called nph-ftimes.cgi that may be used in conjunction with a Web server to implement a public Integrity Server interface. Deeper topics such as the construction and internal mechanics of an Integrity Server are not addressed here.

Last updated on April 2nd, 2013
