Social Icons

Showing posts with label digital forensics. Show all posts
Showing posts with label digital forensics. Show all posts

Wednesday, July 09, 2014

DEFT : Digital Evidence & Forensic Toolkit Live DVD

1. DEFT (Digital Evidence & Forensic Toolkit) is a customized distribution of the Ubuntu live Linux CD@12.10. It is an easy-to-use system that includes excellent hardware detection and some of the best open-source applications dedicated to incident response and computer forensics.DEFT comes bundled with DART2 (Digital Advanced Response Toolkit) and the very best open source Windows Computer Forensic tools. Using LXDE as desktop environment and WINE to manage Windows tools under a Linux kernel, and a mount manager as tool for device management, this distro has a loyal following and we encourage you to use it.DEFT seems to be very well supported with a long list of official developers and contributors. The main developers seem to be a mix of professors, forensic (legal) experts, consultants, engineers, network specialists and more. Several law enforcement professionals are also associated with this project making it a forensics tool of choice for Information Security professionals. According to their site the distro is designed to be used by anyone working within a Response, Cyber Intelligence and/ or Computer Forensics capacity.

2.   Further to this very basic intro I give you here the screenshots as I set it up live on my virtual box.

                                   (Click on Image for enlarged view)
                                   (Click on Image for enlarged view)
                                     (Click on Image for enlarged view)
                                      (Click on Image for enlarged view)
                                        (Click on Image for enlarged view)
                                       (Click on Image for enlarged view)
                                      (Click on Image for enlarged view)
                                       (Click on Image for enlarged view)
                                       (Click on Image for enlarged view)
                                       (Click on Image for enlarged view)
                                       (Click on Image for enlarged view)
                                       (Click on Image for enlarged view)
                                       (Click on Image for enlarged view)
                                       (Click on Image for enlarged view)
                                       (Click on Image for enlarged view)

3.   Details at http://www.deftlinux.net/
Posted by at 0 comments
Labels: , , , , , , , , ,

Sunday, August 04, 2013

Fedora Security Labs

1.   The Fedora Security Lab provides a safe test environment to work on security auditing, forensics, system rescue and teaching security testing methodologies in universities and other organizations.

2.    The spin is maintained by a community of security testers and developers. It comes with the clean and fast LXDE Desktop Environment and a customized menu that provides all the instruments needed to follow a proper test path for security testing or to rescue a broken system. The Live image has been crafted to make it possible to install software while running, and if you are running it from a USB stick created with LiveUSB Creator using the overlay feature, you can install and update software and save your test results permanently.

3.    Download the .iso file from http://spins.fedoraproject.org/security/#downloads

Here in the video below,basic running of the lab along with inside features available inside are shown...


Posted by at 0 comments
Labels: , , , , , , , , , , ,

Saturday, April 27, 2013

Cloud Forensics:The State as on Date

1.   Cloud Forensics per se has got two powerful terms of today's buzzing IT World..... that's Cloud and Forensics...when traditional computing methods of forensics are still to mature...Cloud itself has a long way to go before the final matured model comes up...this combination actually refers to the world of CLOUD FORENSICS. NIST defines it as follows :

"Cloud forensics is the application of digital forensics science in cloud computing environments. Technically, it consists of a hybrid forensic approach (e.g., remote, virtual, network, live, large-scale, thin-client, thick-client) towards the generation of digital evidence. Organizationally, it involves interactions among cloud actors (i.e.,cloud provider, cloud consumer, cloud broker, cloud carrier, cloud auditor) for the purpose of facilitating both internal and external investigations. Legally it often implies multi-jurisdictional and multi-tenant situations."

2.   Today at NULLs meet,I got an opportunity to give this presentation on Cloud Forensics....the copy is shown below :


3. About NULL...please read about the community at their website at http://null.co.in/. The team is doing a great job for buzzing IT professionals,students,geeks,script kiddies(like me!!! :-). NULL boasts of an active security community where monthly meets and regular security awareness camps in various Institutions and Organizations are held. Basically a bunch of security phreaks who like to share their technical expertise and hacking skills with each other and spread awareness among the common people about the good, the bad and the ugly side of computers and technology. They believe that sharing the right technical knowledge leads to expertise and innovation.I joined them about 4 months back and have learned a lot in few meets that I attended!!!!!

Posted by at 1 comments
Labels: , , , , , , ,

Tuesday, April 10, 2012

HELIX : ADEPTO USAGE@SCREEN CORD


DOUBLE CLICK ON THE VIDEO TO VIEW BETTER


Posted by at 0 comments
Labels: , , , , , , ,

INCIDENT RESPONSE,ELECTRONIC DISCOVERY,COMPUTER FORENSICS LIVE CD : HELIX

HELIX INCIDENT RECOVERY AND FORENSIC LIVE CD

A small pptx introducing to the HELIX FORENSIC LIVE CD.
Posted by at 1 comments
Labels: , , , , , ,

Sunday, October 31, 2010

Image Ballistics : Incredible IT

1. In a typical crime or a murder case anywhere involving a pistol or a firing weapon,the forensic or the investigating personnel's involved can make out the make and model of the firing weapon with the help of the bullet found on site.The field dealing with this is known as ballistics.Now sync this with the field of IT....now imagine that u have shot a photograph or are analyzing some pic and you wish to know which camera was used to shoot that pic.......can u find out???????Yes....the answer is yesss!!!the field is known as Image Ballistics.

2. In a recent case,i read about a rave party being organized at outer skirts of a city with about a 200  plus people ,all collegites and similar age group....all of them had a blast and a few with some wrong ideas caught hold of a girl...drugged her and made some obscene mms and clicked some pics...next day it was uploaded on the you tube and the social networking sites.....now how to find the culprit?pretty difficult when about a 200 plus strength of personnel's have to be inquired.....the answer is Image Ballistics....the investigating agency got hold of the pics...came to know which model the pics were clicked from...yes the answer was a famous Nokia Model mobile.....so the owners were now limited to 8 out of the 200 plus strength...there mobiles checked and the simple recovery software's were enough to find out the culprit......imagine....isn't it astonishing.....
 3.   I checked up the state of pics clicked from my camera years back and all answers were correct.....few Nikon,few sony.......one easy and free tool for such investigation is JPEGSNOOP.Simple to download,very small size and great analysis report.....

Posted by at 0 comments
Labels: , , , , , , , ,

Wednesday, October 20, 2010

Collection of Forensic Softwares : TUCOFS

I found this good link with a identified set of softwares for various OSs and lot many links to other websites..worth a look if u have some interest in DIGITAL FORENSICS
Posted by at 0 comments
Labels: , , , , , ,

Wednesday, September 15, 2010

ORDER OF VOLATILITY OF DIGITAL EVIDENCE

1. Not all information-based evidence is the same! Evidence can be organized into an “order of volatility” meaning how long it will stick around for you to collect until it automatically is lost.

2. Dan Farmer & Wietse Venema created the below table of evidence volatility, which is commonly referenced by forensic professionals. For example, information stored on a CD-R or some optical storage media can last for about 10-100 years depending on the brand used. Information stored in a computer’s main memory, by contrast, will last for only tens of nanoseconds before it is wiped out by the computer’s normal processing.

TYPE OF DATA

LIFESPAN

Registers, peripheral memory, caches, etc.

Nanoseconds or less

Main memory

Ten nanoseconds

Network state

Milliseconds

Running processes

Seconds

Disk

Minutes

Floppies, backup media, etc.

Years

CD-ROMs, printouts, etc.

Tens of years

3. Very critical from forensics point of view.....most people would want to turn a computer off (or at the very least unplug it from the network) when they realize an incident has occurred. However, as noted in the chart above, one will lose evidence in main memory and “network state” information (which other systems the computer is connected with and what information they are exchanging) with such an approach. Even shutting down a computer the “normal” way (Start / Turn Off Computer / Turn Off in Windows XP) can delete evidence, as Windows performs a number of housekeeping tasks in the shutdown process, such as closing opened files and clearing out the temporary disk cache.

4. Thanks Peter C. Hewitt (Read from Browser Forensics).

Posted by at 0 comments
Labels: , , , , ,
Subscribe to: Posts (Atom)
Powered By Blogger