Monday 25 April 2016

More on Digital Forensics

So the SIFT workstation is up and running - almost. My slow internet connection is making the updating take a long time. Yesterday it ran almost all day to get SIFT on the machine. Lots of changes from stock Ubuntu - app installs, timezone changes, and the theme has been tarted up.

I looked at the digital images yesterday and thought about how to go about all of this. It's a little bit more complex than I thought. I know what I want, and I know what the output should be; it's the pesky bits in the middle that are causing me some annoyance. Specifically the steganography output and how to carve the text files to get into what is clearly inside them. They are far too large for the text that they have.

I understand the methodology - it's quite clearly outlined in the textbook, but there's a big difference between having your head around that and applying it. In order to write the report I have to step through things fairly systematically - it's the way the old brain works and getting that system into some sort of operational semblance is the trick. There are some great cheatsheets on the desktop of a new SIFT install, for which I'm profoundly grateful. I'll read through these and have a good think.

There is a lot of info about forensic work out there. The glut of it makes it time-consuming to go through, yet enjoyable at the same time. Once I've had a bit more time, I'll make known some of the posts that I've found interesting and relate my own experiences here!
