Open Source Resources in Computer Forensics, 18 May 2007, Cezar Spatariu Neagu
"Open Source Resources Used in Computer Forensics" by Cezar Spatariu Neagu @ eLiberatica 2007


This is a presentation held at eLiberatica 2007.

http://www.eliberatica.ro/2007/

One of the biggest events of its kind in Eastern Europe, eLiberatica brings community leaders from around the world to discuss the hottest topics in the FLOSS movement, demonstrating the advantages of adopting, using and developing Open Source and Free Software solutions.

The eLiberatica organizational committee, together with our speakers and guests, has graciously allowed media representatives and all attendees to photograph, videotape and otherwise record their sessions, on the condition that the photos, videos and recordings are licensed under the Creative Commons Share-Alike 3.0 License.

  1. Open Source Resources in Computer Forensics. 18 May 2007. Cezar Spatariu Neagu
  2. Agenda: Who am I? What is computer forensics? Why do computer forensics with open source tools? Distributions, tools and resources. Legal implications. Questions, answers, discussion.
  3. What is computer forensics? "Computer forensic is application of the scientific methods to digital media in order to establish factual information for juridical review." Criminal offences: – directed against a computer; – where the computer contains evidence; – where the computer is the instrument used to commit the offence.
  4. Why computer forensics? Who are the bad guys? What happened, and when? Why did it happen? What can we do so that it does not happen again?
  5. Why open source? "One of the questions I hear most often is: 'why should I use Linux when I already have [insert Windows GUI forensic tool here]?' There are many reasons why Linux is quickly gaining ground as a forensic platform. I'm hoping this document will illustrate some of those attributes. · Control – not just over your forensic software, but the whole OS and attached hardware. · Flexibility – boot from a CD (to a complete OS), file system support, platform support, etc. · Power – A Linux distribution is a forensic tool." ("The Law Enforcement and Forensic Examiners Introduction to Linux: A Beginners Guide", NASA)
  6. Computer forensics means: acquiring the data; analysing the evidence; documenting the whole process.
  7. Problems. "To pull or not the cable? This is the question." Offline forensics versus online forensics. Online forensics is needed for: – rootkits, cryptoviruses and memory-resident malware; – encrypted media; – systems that cannot be shut down. The state of the system is modified. DOCUMENT!
  8. Properties. A distribution (LiveCD) can be used if: – it does NOT modify the system that evidence is acquired from. TEST IT! (see Knoppix); – it supports a wide range of controllers; – it provides programs (shells and binaries) for online evidence acquisition; – it provides logging facilities for documenting the forensic process.
  9. Acquisition tools: nc, hdparm, fdisk, mmls, lshw, cat /proc/… ; dd if=/dev/victimaHDD_MEM of=/media/caseNr.dd ; dcfldd if=/dev/victimaHDD_MEM of=/media/caseNr hash=sha1sum hashlog=/media/CaseNr/image.hash ; sha1sum or md5sum? ; aimage (AFF tools) ; linen (EnCase Image Acquisition Tool).
  10. Analysis tools: file, strings, scalpel, foremost (file carving, reconstructs files); Autopsy (NSRL integration), PyFLAG (case management); Sleuthkit; Faust (analysis of binaries and shell scripts); antivirus (ClamAV, F-Prot); rootkit detectors (chkrootkit, rkhunter); stego (Outguess, Stegdetect); libewf, Expert Witness Library (EnCase).
  11. Windows world: Regviewer – Registry Viewer (accessed shares, connected devices, timeline, users); GrokEVT – Windows Event Log analysis; Rifiuti – Recycle Bin analysis; fcrackzip; Internet Explorer: pasco (index.dat), galleta (cookies); Firefox: mork.pl.
  12. Live CDs: HELIX (http://www.e-fense.com/helix/) – Windows, Linux, (Solaris) online forensics – Live CD; FCCU GNU/Linux Forensic Boot CD – live and analysis CD; DEFT (http://www.stevelab.net/deft/); ASRData (http://www.asrdata.com). And don't forget the "noswap" option in grub!!
  13. Legal implications. Every case must be handled appropriately. Legislation ??? (Ministry of Justice, Ministry of the Interior). Examiner competence (certifications): – SANS; – International Association of Computer Investigative Specialists (IACIS); – The International Society of Forensic Computer Examiners (ISFCE); – etc.
  14. Resources. Documentation and projects: – Open Source Digital Forensics http://www.opensourceforensics.org – Honeynet Project http://www.honeynet.org – ForensicsWiki http://www.forensicswiki.org – Computer Forensics Tool Testing http://www.cftt.nist.gov/ Live CDs: – Helix http://www.e-fense.com/helix – FCCU http://www.lnx4n6.be/
  15. Information. The presentation will be available at: – http://eliberatica.ro – http://securityaspects.wordpress.com Contact: cezar (.) spatariu (at) gmail (.)com And don't forget: Not all "BAD GUYS" are from ROMANIA ☺
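Slide 9 gives dd and dcfldd (with hash= and hashlog=) as the acquisition commands and asks "sha1sum or md5sum?". The script below is an added example, not taken from the slides, that carries out the same steps with plain shell tools on a constructed sample file standing in for the /dev/victimaHDD_MEM source: image it with dd conv=noerror,sync, hash source and image with both sha1sum and md5sum, append the digests to a hash log, and compare them, which is what the single dcfldd line on the slide does in one pass. It goes one step beyond the slide by showing the padding caveat: when the source length is not a multiple of the block size, conv=sync pads the last block with zeros, so the image hash can no longer be expected to equal the source hash. The working directory under $TMPDIR and the file names are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the slides: image a constructed sample source with dd,
# hash source and image (sha1sum and md5sum), write a hash log and compare them.
set -eu

WORK="${TMPDIR:-/tmp}/forensic_demo.$$"   # assumed scratch directory
mkdir -p "$WORK"
BS=4096                                    # block size used for the copy

# Constructed stand-in for /dev/victimaHDD_MEM: a file of the requested size filled
# with a repeating marker (real evidence would be a block device attached read-only).
make_sample_source() {           # $1 = path, $2 = size in bytes
    yes 'EVIDENCE BLOCK' | head -c "$2" > "$1"
}

# Acquire: noerror keeps reading past unreadable blocks, sync pads a short read with
# zeros so that offsets in the image still line up with offsets on the source.
acquire_image() {                # $1 = source, $2 = image
    dd if="$1" of="$2" bs="$BS" conv=noerror,sync 2>/dev/null
}

# Padding bytes dd added: non-zero when the source is not a multiple of BS, in which
# case the image hash will differ from the source hash even though the copy is good.
padded_bytes() {                 # $1 = source, $2 = image
    echo $(( $(wc -c < "$2") - $(wc -c < "$1") ))
}

# Hash a file with the chosen tool (sha1sum or md5sum) and print only the digest.
hash_with() {                    # $1 = tool, $2 = file
    "$1" "$2" | cut -d' ' -f1
}

# Hash source and image with both tools, append every digest to the hash log with a
# UTC timestamp, and return 0 only if both pairs match.
verify_image() {                 # $1 = source, $2 = image, $3 = hash log
    status=0
    for tool in sha1sum md5sum; do
        s=$(hash_with "$tool" "$1")
        i=$(hash_with "$tool" "$2")
        printf '%s %s source %s\n%s %s image  %s\n' \
            "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$tool" "$s" \
            "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$tool" "$i" >> "$3"
        [ "$s" = "$i" ] || status=1
    done
    return "$status"
}

# Stand-alone run: a block-aligned source verifies; an unaligned one shows the caveat.
make_sample_source "$WORK/aligned.bin" 8192
acquire_image "$WORK/aligned.bin" "$WORK/aligned.dd"
verify_image "$WORK/aligned.bin" "$WORK/aligned.dd" "$WORK/aligned.hash" \
    && echo "aligned: hashes match, padding=$(padded_bytes "$WORK/aligned.bin" "$WORK/aligned.dd") bytes"

make_sample_source "$WORK/odd.bin" 5000
acquire_image "$WORK/odd.bin" "$WORK/odd.dd"
verify_image "$WORK/odd.bin" "$WORK/odd.dd" "$WORK/odd.hash" \
    || echo "odd: hashes differ, padding=$(padded_bytes "$WORK/odd.bin" "$WORK/odd.dd") bytes (see $WORK/odd.hash)"
```

Run it with sh; it needs dd, sha1sum and md5sum from coreutils. When the padding case occurs on a real device (it does not for whole-disk sources, whose size is a multiple of the sector size, but it can for partial or file-backed sources), the hash log still records both digests, and the examiner compares the image hash against a hash of the source truncated to its original length, or uses a tool such as dcfldd that hashes the bytes as they are read.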