Home Messages Index
[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index

[News] Free Software Already Used in Forensics

Hash: SHA1

Tech Insight: Making The Most Of Open-Source Forensics Tools 

,----[ Quote ]
| While your CFO might love the price of these tools, it may be difficult 
| to "sell" them to your IT management. Most IT executives want someone to 
| point a finger at when a product breaks, and many want 24x7 support. While 
| some of the free and open-source tools do have ties with a company that can 
| be paid for support, most do not.    
| But don't let the support question turn you away. Today's open-source network 
| forensic tools are incredibly capable, and they can run on old hardware 
| sitting around your shop. Your cost: little to nothing. In the current 
| economy, that's a pretty compelling business case.    



MacForensicsLab Inc. Releases MacLockPick 2.1

,----[ Quote ]
| MacLockPick 2.1 now extracts data from Linux systems, too.


Linux forensics - Introduction

,----[ Quote ]
| OK, now we're ready. We have the basic understanding of what forensics really
| means, compared to serious housekeeping. We also have our must-have toolkit
| ready.


Digital Forensics in Linux - Reclaiming Data Off a Failed Hard Drive.

,----[ Quote ]
| I recently spoke with a lady who operates a Forensic Accounting consultancy.
| During the course of our conversation, she indicated that from time-to-time
| she receives requests for computer data related assistance. Namely, obtaining
| deleted information off hard drives or data off failed drives. Her business
| operates on Windows based platforms and she was wondering how productive I
| had found Linux. (I’m an Ubuntu Linux user). And if I could use Linux to
| garner “lost” data (sending drives to professional labs is very expensive for
| her clients). While I’m not a data “reclamation” or computer data forensic
| expert (by any stretch of the imagination), nevertheless I’ve delved into
| this aspect on occasion. (Mostly when a hard drive fails).        


Linux speeds up computer forensics for cops

,----[ Quote ]
| Australian university students have developed a Linux-based data forensics
| tool to help police churn through a growing backlog of computer-related
| criminal investigations.  


FBI requests spawn network forensics startup

,----[ Quote ]
| Net/FSE, which stands for Network Forensic Search Engine, is Linux-based
| server software that provides a Web interface for network managers to easily
| see an analytical profile of host-to-host activity based on NetFlow router
| data as well as log information related to the organization's firewall,
| intrusion-detection systems and security-information management.    



Notes on Vista forensics

,----[ Quote ]
| The problems are not only related to forensic software, however, and
| while some may be addressed with a simple driver update others may
| be considered even more fundamental as Scott A Moulton of Forensic
| Strategy Services, LLC. explains: "I still have major problems
| mounting large drives under Vista. I use many 1 terabyte or 2
| terabyte drives and Vista is absolutely worthless on these drives -
| I'm lucky if Vista does not actually mess the drive up. Deleting
| files is a nightmare and sometimes takes days. Just simply copying
| files is so slow it is unbearable.
| "I received quite a few responses from people who have had similar
| issues and it seems that DRM [Digital Rights Management] may be the
| most probable cause. They've found that Vista tries to check each
| file to see if there is a protection flag on it or not before even
| deleting the file."


,----[ Quote ]
| Vista—Microsoft’s latest operating system—may prove to be most
| appropriately named, especially for those seeking evidence of how a
| computer was used.


How to break forensics software

,----[ Quote ]
| One of the problems they found was that EnCase didn't like mangled MBRs, and
| from this they noticed that Linux and EnCase handled file systems in a
| completely different way. If you make a directory loop manually, EnCase hides
| all the files from that point on while Linux can see it just fine. Similarly,
| if you make a deeply nested directory, thousands deep with no other children,
| EnCase crashes. Both can be used to hide things, and both will be fixed in a
| near future revision.      


Solera Networks Announces Open Source License for DataEcho Web Forensics

,----[ Quote ]
| Solera Networks, Inc., the technology leader in network packet record
| and playback appliances, today announced that source code for DataEcho,
| a web session reconstruction application, will be made available under
| the GNU General Public License.


Technalign Releases Linux Based Computer Forensics Systems

,----[ Quote ]
| Warren Woodford, CEO of MEPIS, LLC, said, "The new Frontier Forensics
| tool represents the next generation in both Linux and Forensics,
| helping both law enforcement and corporate security to secure
| evidence, solve crimes, and secure networks."

Version: GnuPG v1.4.9 (GNU/Linux)


[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index