Jon Nelson on 6 Apr 2006 15:31:49 -0000



Re: [PLUG] forensics


Ronald Kaye Jr said:
> Hello all:
>
> I have been tasked with leading a group of networking students in the
> study of computer forensics. I have been around for a while, and am
> familiar with operating systems,
> and just a lot of stuff about them.
>
> I would appreciate any input/expertise on tools, methodologies,
> organizations, etc.

Ronald,

I take it that since you are posting to this list you are interested in
using Linux as much as possible.

I have been conducting computer forensics since 1998 and here is some info
that should be helpful to you and your students.

A great forensics toolkit is Sleuthkit and Autopsy, which can be found here:

    http://sleuthkit.org/

That site also has a lot of good info in their publication "The Informer".

A couple of bootable forensic CDs are:

    http://www.linux-forensics.com/downloads.html
    http://www.e-fense.com/helix/
    http://www.remote-exploit.org/index.php/Auditor_main

A couple of good books are:

    * File System Forensic Analysis (Paperback) by Brian Carrier
      ISBN: 0321268172

    * Digital Evidence and Computer Crime, Second Edition (Hardcover) by
      Eoghan Casey
      ISBN: 0121631044

    * Incident Response and Computer Forensics, Second Edition (Paperback)
      by Chris Prosise, Kevin Mandia, Matt Pepe
      ISBN: 007222696X

    * Network Intrusion Detection (3rd Edition) (Paperback)
      by Stephen Northcutt, Judy Novak
      ISBN: 0735712654

Even though it is a Windows-based product, there is some good information at:
    http://encase.com/support/articles/index.asp

Finally there is a pretty cool commercial product that incorporates the
ability to use Perl scripts:

    http://www.techpathways.com/DesktopDefault.aspx?tabindex=3&tabid=12

I would be happy to talk to you more offlist if you would like.

Jon

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug