-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Tech Insight: Making The Most Of Open-Source Forensics Tools
,----[ Quote ]
| While your CFO might love the price of these tools, it may be difficult
| to "sell" them to your IT management. Most IT executives want someone to
| point a finger at when a product breaks, and many want 24x7 support. While
| some of the free and open-source tools do have ties with a company that can
| be paid for support, most do not.
|
| But don't let the support question turn you away. Today's open-source network
| forensic tools are incredibly capable, and they can run on old hardware
| sitting around your shop. Your cost: little to nothing. In the current
| economy, that's a pretty compelling business case.
`----
http://www.darkreading.com/security/intrusion-prevention/showArticle.jhtml?articleID=216500272
Recent:
MacForensicsLab Inc. Releases MacLockPick 2.1
,----[ Quote ]
| MacLockPick 2.1 now extracts data from Linux systems, too.
`----
http://www.businesswire.com/portal/site/google/?ndmViewId=news_view&newsId=20090325005376&newsLang=en
Linux forensics - Introduction
,----[ Quote ]
| OK, now we're ready. We have the basic understanding of what forensics really
| means, compared to serious housekeeping. We also have our must-have toolkit
| ready.
`----
http://www.dedoimedo.com/computers/forensics-intro.html
Digital Forensics in Linux - Reclaiming Data Off a Failed Hard Drive.
,----[ Quote ]
| I recently spoke with a lady who operates a Forensic Accounting consultancy.
| During the course of our conversation, she indicated that from time to time
| she receives requests for computer data-related assistance. Namely, obtaining
| deleted information off hard drives or data off failed drives. Her business
| operates on Windows-based platforms and she was wondering how productive I
| had found Linux. (I’m an Ubuntu Linux user). And if I could use Linux to
| garner “lost” data (sending drives to professional labs is very expensive for
| her clients). While I’m not a data “reclamation” or computer data forensic
| expert (by any stretch of the imagination), nevertheless I’ve delved into
| this aspect on occasion. (Mostly when a hard drive fails).
`----
http://ubuntulinuxhelp.com/digital-forensics-in-linux-reclaiming-data-off-a-failed-hard-drive/
Linux speeds up computer forensics for cops
,----[ Quote ]
| Australian university students have developed a Linux-based data forensics
| tool to help police churn through a growing backlog of computer-related
| criminal investigations.
`----
http://www.zdnet.com.au/news/software/soa/Linux-speeds-up-computer-forensics-for-cops/0,130061733,339286557,00.htm?feed=rss
FBI requests spawn network forensics startup
,----[ Quote ]
| Net/FSE, which stands for Network Forensic Search Engine, is Linux-based
| server software that provides a Web interface for network managers to easily
| see an analytical profile of host-to-host activity based on NetFlow router
| data as well as log information related to the organization's firewall,
| intrusion-detection systems and security-information management.
`----
http://www.linuxworld.com.au/index.php?id=2113131704&rid=-50
Related:
Notes on Vista forensics
,----[ Quote ]
| The problems are not only related to forensic software, however, and
| while some may be addressed with a simple driver update others may
| be considered even more fundamental as Scott A Moulton of Forensic
| Strategy Services, LLC. explains: "I still have major problems
| mounting large drives under Vista. I use many 1 terabyte or 2
| terabyte drives and Vista is absolutely worthless on these drives -
| I'm lucky if Vista does not actually mess the drive up. Deleting
| files is a nightmare and sometimes takes days. Just simply copying
| files is so slow it is unbearable.
|
| "I received quite a few responses from people who have had similar
| issues and it seems that DRM [Digital Rights Management] may be the
| most probable cause. They've found that Vista tries to check each
| file to see if there is a protection flag on it or not before even
| deleting the file."
`----
http://www.theregister.co.uk/2007/04/16/vista_forensics_2/page3.html
,----[ Quote ]
| Vista—Microsoft’s latest operating system—may prove to be most
| appropriately named, especially for those seeking evidence of how a
| computer was used.
`----
http://www.abanet.org/journal/ereport/jy13tkjasn.html
How to break forensics software
,----[ Quote ]
| One of the problems they found was that EnCase didn't like mangled MBRs, and
| from this they noticed that Linux and EnCase handled file systems in a
| completely different way. If you make a directory loop manually, EnCase hides
| all the files from that point on while Linux can see it just fine. Similarly,
| if you make a deeply nested directory, thousands deep with no other children,
| EnCase crashes. Both can be used to hide things, and both will be fixed in a
| near future revision.
`----
http://www.theinquirer.net/default.aspx?article=41616
Solera Networks Announces Open Source License for DataEcho Web Forensics Software
,----[ Quote ]
| Solera Networks, Inc., the technology leader in network packet record
| and playback appliances, today announced that source code for DataEcho,
| a web session reconstruction application, will be made available under
| the GNU General Public License.
`----
http://biz.yahoo.com/prnews/061215/laf002.html?.v=69
Technalign Releases Linux Based Computer Forensics Systems
,----[ Quote ]
| Warren Woodford, CEO of MEPIS, LLC, said, "The new Frontier Forensics
| tool represents the next generation in both Linux and Forensics,
| helping both law enforcement and corporate security to secure
| evidence, solve crimes, and secure networks."
`----
http://in.sys-con.com/read/284789_p.htm
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAknhOJgACgkQU4xAY3RXLo4WXACfX7ULxZkBWhSPPDtONHmHcoOH
QgEAnR5KNpCob7Jwf9yBv+BiSxIyYM+V
=44no
-----END PGP SIGNATURE-----