
The Foray into Digital Forensics

As part of my tertiary studies I'm now working on Digital Forensics. Our latest assignment includes some steganography, some bit shifting, and writing a forensic report on a scenario, either a real one we find or one we invent.

I thought it might be of use to write a bit about the experience I'm having getting into this. The course supplies us with a variety of different tools with a variety of different capabilities. Being a Linux chap, I thought it would be cool to go with the open source tools. Running ElementaryOS on my laptop has made this difficult and more than a little frustrating. Perhaps it's because I'm not yet across what the best tools are, or how to install them - but I'm experiencing annoyance. I'm currently downloading Ubuntu 14.04 Desktop to put the SANS Investigative Forensic Toolkit (SIFT) version 3 on it. Details on SIFT can be found at http://digital-forensics.sans.org/community/downloads. I'll work on this later - I'm still waiting on Ubuntu to download. It doesn't help living out in the bush.

The Windows tools I have played with thus far include:

  • ProDiscover Basic
  • Hex Workshop
  • OSForensics
  • WinHEX

I've also found Notepad++ to be quite useful. It's a very powerful notepad replacement that I use for many kinds of work - find it here: https://notepad-plus-plus.org

The textbook also seems pretty good - "Guide to Computer Forensics and Investigations" by Nelson, Phillips and Steuart. Lots of good examples and methods for working through things. Annoyingly, but as is to be expected, it all has a US slant to it, including the laws and rights. Translating them into the Australian context can be tricky at times. There are a lot of good resources on the Net - SANS, as I've already mentioned, and CERT and AusCERT aren't bad. Google is, as always, your friend.

I've spoken with some friends about this and they immediately assume it's like CSI: Cyber and we use "cyber" to describe everything - it's a cybercrime, it's cyberstalking, it's a cyberpen I'm writing on this cyberpaper with, etc. Of course it's not like that at all. Lots of painstaking attention to detail and writing a *lot* of notes. You can't blow through this stuff on a hunch - stupid TV shows make it look a lot easier than it is, with people jumping around between ideas all the time. What a bag of pish! At any rate it's fascinating stuff if you have the patience and technical background for it.

I'll update and add a post as I play with SIFT and with the particular case I'm investigating.

I have spent some time on the digital forensics subreddit, https://www.reddit.com/r/computerforensics/, which has some great info and offers great help to people. I thank the contributors for their time and effort. I was looking through a big list of blogs and other resources about forensics. Sad that so many of them have fallen away. There's some gold in amongst it though. On to the SIFT install!

Comments

  1. Great article. I also can say that today security of data on the internet is very important. I studied data room review and there are good variants.
