SANS Digital Forensics and Incident Response Blog: Category - Computer Forensics

Building a UNIX/Linux Incident response / Forensic Disk

There are many Linux distributions readily available. This, however, should not stop you from creating your own version of a UNIX forensic tools disc. Whether you are on Solaris, HP-UX or any other variety of UNIX, it is simple to create a forensic tools CD that can be carried between systems. The added benefit of this method is that the tools do not need to be left on the production server. Leaving them there is in itself a security risk, and being able to unmount the CD and take it with you increases security.

The ability to create a customized CD for your individual system means that the analyst can have their tools available for any UNIX system they need to work with. It may also be possible to create a universal forensic CD. Using statically linked binaries, a single DVD or CD could be created with separate directories for every UNIX variety in use in the organization you are working for. For instance, the same CD could contain a directory called "/Solaris" which would act as the base

...


RSA 2010 - Digital Forensic Analyst Notebook

The RSA Security Conference was held this week in San Francisco. The conference is jam-packed with sessions, whiteboarding events, demonstrations, and more. Here are my observations and interview sound bites. I was covering RSA San Francisco 2010 as a forensic analyst and co-host of The CyberJungle, a weekly live news and talk program on security, privacy, and the law.

Digital forensics is still the non-sexy topic at RSA Security. There were no dedicated forensics tracks at this conference. Computer forensics was mentioned now and then in session talks, although often by the audience rather than the speakers.

Smart Grid Forensics
For example, there was an industry panel on electric smart grid security standards. The panelists in this session did not have forensics on their agenda, but a member of the audience did. Gerry Brown is an independent forensics consultant.

...


The Chain of Custody for 2010-03-07 - Weekly Tweets

  • The Chain of Custody for 2010-02-28 - Weekly Tweets http://bit.ly/b40ED5 #
  • Organiser of Darkmarket fraud website jailed- A man who created a website trading in stolen financial information l... http://bit.ly/cYnSd4 #
  • EviGator Digital Forensics release iPhorensic- EviGator Digital Forensics have released Version 1.0.0 of iPhorensic... http://bit.ly/aWfJL5 #
  • Open Source Android Digital Forensics Application http://bit.ly/bQ9mYR

Computer Forensics Tool Testing (CFTT) Survey

The Computer Forensics Tool Testing (CFTT) team at NIST and NW3C want to know which digital forensics tools you are using and which digital forensics tools you want NIST to test. Please take a few minutes to complete the survey linked below and share your valuable feedback with us.

http://www.nw3c.org/nist_survey.cfm

To learn more about CFTT and the NW3C visit http://www.cftt.nist.gov and http://www.nw3c.org.

This survey is very important to state and local law enforcement, as it is your voice and input, directly to NIST, on the testing of the forensic hardware and software you use every day. A NIST evaluation of the tools you use has many benefits for you, your agency, and the cases you work. The survey itself is all multiple choice with an

...


Digital Forensics Case Leads: Herding botnet herders

It's been a busy week, with the RSA and BSides conferences both taking place in San Francisco. Ira Victor will have a wrap-up of news from RSA tomorrow, so look for that. Be sure to check out Robert Shullich's paper on exFAT (see below), as we're sure to encounter this file system more and more in our digital forensics work.

Tools:

...