
More on Digital Forensics

So the SIFT workstation is up and running - almost. My slow internet connection is making the updating take a long time. Yesterday it ran almost all day to get SIFT on the machine. Lots of changes from stock Ubuntu - app installs, timezone changes, and the theme has been tarted up.

I looked at the digital images yesterday and thought about how to go about all of this. It's a little bit more complex than I thought. I know what I want, and I know what the output should be, it's the pesky bits in the middle that are causing me some annoyance. Specifically the steganography output and how to carve the text files to get into what is clearly inside them. They are far too large for the text that they have.
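One way to start on the "too large for their text" problem mentioned above, as an added example that is not from the post or from the SIFT toolset: a small Python script that measures how much of a file is plain printable text, reports how many bytes follow it, and scans that remainder for a few well-known file signatures so the embedded object can be sliced out. The signature table is a short, partial list of real magic bytes, and the sample input is constructed for the demo (a note followed by a fake PNG header, not a real image).

```python
# Added example: flag "text" files that carry more bytes than their visible text
# and report where recognisable embedded data begins.
import re

# Partial table of real file signatures (magic bytes) -> type label. Extend as needed.
SIGNATURES = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpeg",
    b"PK\x03\x04": "zip",
    b"%PDF-": "pdf",
    b"GIF8": "gif",
}

# Printable ASCII plus tab, CR and LF; everything else ends the "text" prefix.
PRINTABLE = re.compile(rb"[\t\n\r\x20-\x7e]*")

def text_prefix_length(data: bytes) -> int:
    """Number of leading bytes that are plain printable text."""
    return PRINTABLE.match(data).end()

def find_signatures(data: bytes, start: int = 0) -> list:
    """Return sorted (offset, type) pairs for every known magic sequence at/after start."""
    hits = []
    for magic, kind in SIGNATURES.items():
        pos = data.find(magic, start)
        while pos != -1:
            hits.append((pos, kind))
            pos = data.find(magic, pos + 1)
    return sorted(hits)

def analyse(data: bytes) -> dict:
    """Compare visible text length with file size; search only the non-text tail."""
    text_len = text_prefix_length(data)
    trailing = len(data) - text_len
    return {
        "size": len(data),
        "text_bytes": text_len,
        "trailing_bytes": trailing,
        "suspicious": trailing > 0,
        "embedded": find_signatures(data, text_len),
    }

def carve(data: bytes, offset: int) -> bytes:
    """Simple tail carve: everything from an embedded signature to end of file."""
    return data[offset:]

# Constructed sample: 36 bytes of note text, then a fake PNG header and filler.
SAMPLE = b"Meeting notes: nothing to see here.\n" + b"\x89PNG\r\n\x1a\n" + b"\x00" * 16

if __name__ == "__main__":
    report = analyse(SAMPLE)
    print(report)
    for off, kind in report["embedded"]:
        print(f"{kind} at offset {off}, {len(carve(SAMPLE, off))} bytes to end of file")
```

Run it over each oversized text file; a non-zero trailing byte count with no recognised signature still warrants a closer look, since the payload may be encrypted or use a format not in the table.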

I understand the methodology - it's quite clearly outlined in the text book, but there's a big difference between having your head around that and applying it. In order to write the report I have to step through things fairly systematically - it's the way the old brain works and getting that system into some sort of operational semblance is the trick. There are some great cheatsheets on the desktop of a new SIFT install, for which I'm profoundly grateful. I'll read through these and have a good think.

There is a lot of info about forensic work out there. The glut of it makes it time consuming to go through, yet enjoyable at the same time. Once I've had a bit more time, I'll make known some of the posts that I've found interesting and relate my own experiences here!
