[转载]Windows Forensic Toolchest (WFT)(取证工具箱)

信息来源：邪恶八进制信息安全团队（www.eviloctal.com）

The Windows Forensic Toolchest (WFT) was written to provide an automated incident response [or even an audit] on a Windows system and collect security-relevant information from the system. It is essentially a forensically enhanced batch processing shell capable of running other security tools and producing HTML based reports in a forensically sound manner. A knowledgeable security person can use it to help look for signs of an incident (when used in conjunction with the appropriate tools). WFT is designed to produce output that is useful to the user, but is also appropriate for use in court proceedings.

http://www.foolmoon.net/cgi-bin/down.pl?ID=4  
http://www.foolmoon.net/security/wft/