Forensic investigation using free Linux tools
Here is a scenario you can think about. An administrator of a company has been accused of hoarding illegal material of questionable moral content on his company network system. You have been called upon to examine the suspect server and unearth evidence related to the said illegal material. Your boss has told you that you are not allowed to shut down the server. Unfortunately, no additional money is available to buy forensic tools or equipment. In this workshop we will explain how to use free forensic tools to investigate such cases.
We will use the following forensic products:
* The Helix 3 Live CD to create a server image on the running system
* PTK and TSK running on a Mandriva 2009 Server to investigate the case
Helix is a customized distribution of Ubuntu Linux. It is more than just a bootable live CD. You can boot into a customized Linux environment that includes customized Linux kernels, excellent hardware detection and many applications dedicated to Incident Response and Forensics. You are also able to use Helix tools for acquisition and investigation on a running Windows system.
PTK is a graphical (web-based) interface to the command line digital investigation analysis tools in The Sleuth Kit (TSK). Together, they can analyze Windows and UNIX disks and file systems (NTFS, FAT, UFS1/2, Ext2/3). The source code of both The Sleuth Kit and PTK is available, and both run on UNIX platforms. The file system tools allow you to examine file systems of a suspect computer in a non-intrusive fashion. Because the tools do not rely on the operating system to process the file systems, deleted and hidden content is shown.
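As an added illustration (not part of the original workshop) of the two steps above, the following shell script acquires a verified image of a device on the running system and then feeds that image to TSK's command line tools, which is the work PTK wraps in its web interface. It assumes `dd` and `sha256sum` are on PATH and that TSK (`mmls`, `fls`, `mactime`) is optional; the function names and the log format are this example's own choices.

```shell
#!/bin/sh
# Added example, not code from the workshop or from Helix/PTK/TSK.

# acquire_image SRC DST LOG
# Bit-for-bit copy of SRC (block device or file) into DST, hashing both
# sides and appending a chain-of-custody record to LOG. Returns 0 only
# when the two hashes agree. On a live server the source can change
# between the copy and the re-hash, so a mismatch means "re-examine and
# document", not necessarily "image is corrupt". Write DST to external
# media or over the network, never onto the suspect disk itself.
acquire_image() {
    src=$1; dst=$2; log=$3
    # bs=512 with noerror,sync: unreadable sectors are zero-filled so offsets
    # in the image still match the device; padding only happens on read
    # errors (use bs=4096 for 4K-native disks).
    dd if="$src" of="$dst" bs=512 conv=noerror,sync 2>>"$log" || return 1
    src_hash=$(sha256sum "$src" | cut -d' ' -f1)
    img_hash=$(sha256sum "$dst" | cut -d' ' -f1)
    {
        printf 'date=%s host=%s src=%s dst=%s\n' \
            "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$(uname -n)" "$src" "$dst"
        printf 'sha256(src)=%s\nsha256(img)=%s\n' "$src_hash" "$img_hash"
    } >>"$log"
    if [ "$src_hash" = "$img_hash" ]; then
        echo 'verify=match' >>"$log"; return 0
    fi
    echo 'verify=MISMATCH' >>"$log"; return 2
}

# tsk_timeline IMG OUT
# Build a MAC-time timeline from the image with The Sleuth Kit, including
# deleted entries. Assumes IMG holds a single file system; for a whole-disk
# image take the start sector from mmls and add "-o <sector>" to fls.
tsk_timeline() {
    img=$1; out=$2
    command -v fls >/dev/null 2>&1 || { echo 'TSK not on PATH' >&2; return 3; }
    mmls "$img" || true               # partition layout; fails on a bare fs image
    fls -r -m / "$img" > "$out.body"  # bodyfile of all entries, deleted included
    mactime -b "$out.body" > "$out"   # sorted, human-readable timeline
}
```

Each invocation leaves a log entry with date, host, paths and both hashes, which is the record you will be asked for when the image is later examined in PTK.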