These files are a companion to the "Forensic Discovery" book by Dan
Farmer and Wietse Venema, published in 2004 by Addison-Wesley.

Some software is merely proof-of-concept code, and you can do with
it as you please.  Other software is covered by Dan's COPYRIGHT,
or by IBM's public LICENSE, as indicated in the software itself.

We include an extended version of the Coroner's Toolkit that was
used for our persistence measurements in chapters 7 and 8.  We did,
however, not include the many little custom programs that we wrote
for the analysis of the data.  This was specialized code, and we
feel that it is of too little value, compared to the effort of
making it suitable for release.

	Dan and Wietse

Chapter 2:
macdns.pl	Mactime report from DNS cache
macjournal	Mactime report from ext3fs journal

Chapter 4:
ncc.pl		Netcat in Perl

Chapter 5:
checkpid.pl	Hidden process detector

Chapter 7 and 8:
tct-blockhash	Disk/memory long-term persistence studies

Chapter 8:
dump-mem.pl	memory dumper in Perl
memdump-1.0	memory dumper in C
memdecay	Short-term memory persistence studies
