Jon Nelson on 6 Apr 2006 15:31:49 -0000


Re: [PLUG] forensics

Ronald Kaye Jr said:
> Hello all:
> I have been tasked with leading a group of networking students in the
> study of computer forensics. I have been around for a while, and am
> familiar with operating systems,
> and just a lot of stuff about them.
> I would appreciate any input/expertise on tools, methodologies,
> organizations, etc.


I take it that since you are posting to this list you are interested in
using Linux as much as possible.

I have been conducting computer forensics since 1998 and here is some info
that should be helpful to you and your students.

A great forensics toolkit is Sleuthkit and Autopsy, which can be found here:

That site also has a lot of good info in their publication "The Informer".

A couple of bootable forensic CDs are:

A couple of good books are:

    * File System Forensic Analysis (Paperback)
      by Brian Carrier
      ISBN: 0321268172

    * Digital Evidence and Computer Crime, Second Edition (Hardcover)
      by Eoghan Casey
      ISBN: 0121631044

    * Incident Response and Computer Forensics, Second Edition (Paperback)
      by Chris Prosise, Kevin Mandia, Matt Pepe
      ISBN: 007222696X

    * Network Intrusion Detection (3rd Edition) (Paperback)
      by Stephen Northcutt, Judy Novak
      ISBN: 0735712654

Even though it is a Windows-based product, there is some good information at:

Finally there is a pretty cool commercial product that incorporates the
ability to use Perl scripts:

I would be happy to talk to you more offlist if you would like.


Philadelphia Linux Users Group