Jon Nelson on 6 Apr 2006 15:31:49 -0000
Ronald Kaye Jr said:
> Hello all:
>
> I have been tasked with leading a group of networking students in the
> study of computer forensics. I have been around for a while, and am
> familiar with operating systems,
> and just a lot of stuff about them.
>
> I would appreciate any input/expertise on tools, methodologies,
> organizations, etc.

Ronald,

I take it that since you are posting to this list you are interested in using Linux as much as possible. I have been conducting computer forensics since 1998 and here is some info that should be helpful to you and your students.

A great forensics toolkit is Sleuthkit and Autopsy, which can be found here:

http://sleuthkit.org/

That site also has a lot of good info in their publication "The Informer".

A couple of bootable forensic CDs are:

http://www.linux-forensics.com/downloads.html
http://www.e-fense.com/helix/
http://www.remote-exploit.org/index.php/Auditor_main

A couple of good books are:

* File System Forensic Analysis (Paperback) by Brian Carrier ISBN: 0321268172
* Digital Evidence and Computer Crime, Second Edition (Hardcover) by Eoghan Casey ISBN: 0121631044
* Incident Response and Computer Forensics, Second Edition (Paperback) by Chris Prosise, Kevin Mandia, Matt Pepe ISBN: 007222696X
* Network Intrusion Detection (3rd Edition) (Paperback) by Stephen Northcutt, Judy Novak ISBN: 0735712654

Even though it is a Windows-based product, there is some good information at:

http://encase.com/support/articles/index.asp

Finally, there is a pretty cool commercial product that incorporates the ability to use Perl scripts:

http://www.techpathways.com/DesktopDefault.aspx?tabindex=3&tabid=12

I would be happy to talk to you more offlist if you would like.

Jon

___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug