Office of Information Technology

Recover from an Intrusion


Detect an Intruder or System Compromise

Forensic Analysis Tools

  • chkrootkit: Locally checks for signs of a rootkit.
  • find_ddos: A Denial-of-Service attack program finder.
  • fport: Tool for mapping unknown open ports to their associated applications on Windows systems.
  • TCPView: An application that lets you monitor TCP and UDP activity on your local system. It is the most powerful tool available for tracking down network-related configuration problems and analyzing application network usage.
  • The Coroner's Toolkit (TCT): For UNIX and Linux systems.
  • Vision: The GUI successor to fport.
  • SecCheck: A Windows forensic tool which aids in the detection and removal of malicious applications, back doors, trojans, worms, and viruses that may be unknowingly installed.

Recover from a System Compromise


  Copyright 2003-2015 The Regents of the University of California, All Rights Reserved
Last modified: 1/3/2011