Michael James on 7 Apr 2006 15:20:23 -0000



Re: [PLUG] forensics


For an examination of a Blackberry device, try this:  http://www.rh-law.com/ediscovery/Blackberry.pdf 

(somewhat dated, but a good read)


>>> "Jon Nelson" <quincy@linuxnotes.net> 4/6/2006 11:34 am >>>
Ronald Kaye Jr said:
> Hello all:
>
> I have been tasked with leading a group of networking students in the
> study of computer forensics. I have been around for a while, and am
> familiar with operating systems,
> and just a lot of stuff about them.
>
> I would appreciate any input/expertise on tools, methodologies,
> organizations, etc.

Ronald,

I take it that since you are posting to this list you are interested in
using Linux as much as possible.

I have been conducting computer forensics since 1998 and here is some info
that should be helpful to you and your students.

A great forensics toolkit is Sleuthkit and Autopsy, which can be found here:

    http://sleuthkit.org/ 

That site also has a lot of good info in their publication "The Informer".

A couple of bootable forensic CDs are:

    http://www.linux-forensics.com/downloads.html 
    http://www.e-fense.com/helix/ 
    http://www.remote-exploit.org/index.php/Auditor_main 

A couple of good books are:

    * File System Forensic Analysis (Paperback) by Brian Carrier
      ISBN: 0321268172

    * Digital Evidence and Computer Crime, Second Edition (Hardcover) by
      Eoghan Casey
      ISBN: 0121631044

    * Incident Response and Computer Forensics, Second Edition (Paperback)
      by Chris Prosise, Kevin Mandia, Matt Pepe
      ISBN: 007222696X

    * Network Intrusion Detection (3rd Edition) (Paperback)
      by Stephen Northcutt, Judy Novak
      ISBN: 0735712654

Even though it is a Windows-based product, there is some good information at:
    http://encase.com/support/articles/index.asp 

Finally there is a pretty cool commercial product that incorporates the
ability to use Perl scripts:

    http://www.techpathways.com/DesktopDefault.aspx?tabindex=3&tabid=12 

I would be happy to talk to you more offlist if you would like.

Jon

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org 
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce 
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
