Ronald Kaye Jr said:
> Hello all:
>
> I have been tasked with leading a group of networking students in the
> study of computer forensics. I have been around for a while, and am
> familiar with operating systems,
> and just a lot of stuff about them.
>
> I would appreciate any input/expertise on tools, methodologies,
> organizations, etc.
Ronald,
I take it that since you are posting to this list you are interested in
using Linux as much as possible.
I have been conducting computer forensics since 1998 and here is some info
that should be helpful to you and your students.
A great forensics toolkit is Sleuthkit and Autopsy, which can be found here:
http://sleuthkit.org/
That site also has a lot of good info in their publication "The Informer".
A couple of bootable forensic CDs are:
http://www.linux-forensics.com/downloads.html
http://www.e-fense.com/helix/
http://www.remote-exploit.org/index.php/Auditor_main
A couple of good books are:
* File System Forensic Analysis (Paperback) by Brian Carrier
ISBN: 0321268172
* Digital Evidence and Computer Crime, Second Edition (Hardcover) by Eoghan Casey
ISBN: 0121631044
* Incident Response and Computer Forensics, Second Edition (Paperback) by Chris Prosise, Kevin Mandia, Matt Pepe
ISBN: 007222696X
* Network Intrusion Detection (3rd Edition) (Paperback) by Stephen Northcutt, Judy Novak
ISBN: 0735712654
Even though it is a Windows-based product, there is some good information at:
http://encase.com/support/articles/index.asp
Finally there is a pretty cool commercial product that incorporates the
ability to use Perl scripts:
http://www.techpathways.com/DesktopDefault.aspx?tabindex=3&tabid=12
I would be happy to talk to you more offlist if you would like.
Jon
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug