"Open Source Resources Used in Computer Forensics" by Cezar Spatariu Neagu @ eLiberatica 2007

This is a presentation held at eLiberatica 2007.


One of the biggest events of its kind in Eastern Europe, eLiberatica brings community leaders from around the world to discuss the hottest topics in the FLOSS movement, demonstrating the advantages of adopting, using and developing Open Source and Free Software solutions.

The eLiberatica organizing committee, together with our speakers and guests, has graciously allowed media representatives and all attendees to photograph, videotape and otherwise record their sessions, on the condition that the photos, videos and recordings are licensed under the Creative Commons Share-Alike 3.0 License.



Presentation Transcript

    • Open Source Resources in Computer Forensics, 18 May 2007, Cezar Spatariu Neagu
    • Agenda
      – Who am I?
      – What is computer forensics?
      – Why do computer forensics with open source tools?
      – Distributions, tools and resources.
      – Legal implications.
      – Questions, answers, discussion.
    • What is computer forensics?
      – "Computer forensics is the application of scientific methods to digital media in order to establish factual information for judicial review."
      – Criminal acts:
        – directed against a computer;
        – where the computer contains evidence;
        – where the computer is the instrument used to commit the offence.
    • Why computer forensics?
      – Who are the bad guys?
      – What happened, and when?
      – Why did it happen?
      – What can we do so that it does not happen again?
    • Why open source?
      – "One of the questions I hear most often is: 'why should I use Linux when I already have [insert Windows GUI forensic tool here]?' There are many reasons why Linux is quickly gaining ground as a forensic platform. I'm hoping this document will illustrate some of those attributes.
        · Control – not just over your forensic software, but the whole OS and attached hardware.
        · Flexibility – boot from a CD (to a complete OS), file system support, platform support, etc.
        · Power – A Linux distribution is a forensic tool."
      – "The Law Enforcement and Forensic Examiners Introduction to Linux: A Beginners Guide", NASA
    • Computer forensics means:
      – Acquiring the data.
      – Analysing the evidence.
      – Documenting the whole process.
    • Problems
      – 'To pull or not the cable?' That is the question.
      – Offline forensics vs. online forensics:
        – rootkits, crypto-viruses, memory-resident malware;
        – encrypted media;
        – systems that cannot be shut down.
      – The state of the system is modified. DOCUMENT IT!
    • Properties
      – A (LiveCD) distribution can be used if:
        – it does NOT modify the system it is acquiring from. TEST IT! (see Knoppix)
        – it supports a wide range of controllers;
        – it provides programs (shells and binaries) for online evidence acquisition;
        – it provides logging facilities for documenting the forensic process.
    • Acquisition tools
      – nc, hdparm, fdisk, mmls, lshw, cat /proc/…
      – dd if=/dev/victimaHDD_MEM of=/media/caseNr.dd
      – dcfldd if=/dev/victimaHDD_MEM of=/media/caseNr hash=sha1sum hashlog=/media/CaseNr/image.hash
      – sha1sum or md5sum?
      – aimage (AFT Tools), linen (EnCase Image Acquisition Tool)
    • Analysis tools
      – file, strings, scalpel, foremost (file carving / reconstruction)
      – Autopsy (NSRL integration), PyFLAG (case management)
      – Sleuthkit, Faust (analysis of binaries and shell scripts)
      – Antivirus (ClamAV, F-Prot)
      – Rootkit detectors (chkrootkit, rkhunter)
      – Stego (Outguess, Stegdetect)
      – libewf, Expert Witness Library (EnCase format)
    • Windows World
      – Regviewer – Registry Viewer (accessed shares, connected devices, timeline, users)
      – GrokEVT – Windows Event Log analysis
      – Rifiuti – Recycle Bin analysis
      – fcrackzip
      – Internet Explorer: pasco (index.dat), galleta (cookies)
      – Firefox: mork.pl
    • Live CDs
      – HELIX (http://www.e-fense.com/helix/) – Windows, Linux, (Solaris) online forensics – Live CD
      – FCCU GNU/Linux Forensic Boot CD – live and analysis CD
      – DEFT (http://www.stevelab.net/deft/)
      – ASRData (http://www.asrdata.com)
      – And don't forget the "noswap" option in grub!!
    • Legal implications
      – Every case must be handled appropriately.
      – Legislation??? (Ministry of Justice, Ministry of the Interior)
      – Examiner competence (certifications):
        – SANS
        – International Association of Computer Investigative Specialists (IACIS)
        – The International Society of Forensic Computer Examiners (ISFCE)
        – etc.
    • Resources
      – Documentation and projects:
        – Open Source Digital Forensics http://www.opensourceforensics.org
        – Honeynet Project http://www.honeynet.org
        – ForensicWiki http://www.forensicswiki.org
        – Computer Forensics Tool Testing http://www.cftt.nist.gov/
      – Live CDs:
        – Helix http://www.e-fense.com/helix
        – FCCU http://www.lnx4n6.be/
    • Information
      – The presentation will be available on: http://eliberatica.ro and http://securityaspects.wordpress.com
      – Contact: cezar (.) spatariu (at) gmail (.) com
      – And don't forget: Not all "BAD GUYS" are from ROMANIA ☺
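The "Acquisition tools" slide shows dd and dcfldd with a SHA-1 hash log but not the verification step that makes the log useful. The script below is an added example, not from the slides: it images a source with dd, records the source and image hashes in a log, and re-checks the image against that log before analysis. It assumes POSIX sh with dd, sha1sum, cut, sed, grep, date and mktemp on PATH; the case paths are placeholders and the demo runs on a constructed file rather than a device.

```shell
#!/bin/sh
# Added example, not from the slides: dd acquisition with hash logging,
# in the spirit of the dd/dcfldd lines on the "Acquisition tools" slide.
# Assumptions: POSIX sh with dd, sha1sum, cut, sed, grep, date, mktemp.
# Paths such as /media/caseNr/image.dd are placeholders.
set -u

# acquire_image SRC IMAGE HASHLOG
# Hash SRC, copy it to IMAGE with dd, hash IMAGE, append both hashes to
# HASHLOG, and return 0 only if the two hashes match.
acquire_image() {
    src=$1; img=$2; log=$3
    # Reference hash of the source before anything is copied.
    src_hash=$(sha1sum "$src" | cut -d' ' -f1)
    # Plain dd here: conv=noerror,sync (used on failing media) pads short
    # blocks with zeros, so the image hash would no longer equal the source's.
    dd if="$src" of="$img" bs=4k 2>/dev/null || return 1
    img_hash=$(sha1sum "$img" | cut -d' ' -f1)
    {
        date -u '+acquired: %Y-%m-%dT%H:%M:%SZ'
        echo "source: $src sha1=$src_hash"
        echo "image:  $img sha1=$img_hash"
    } >> "$log"
    [ "$src_hash" = "$img_hash" ]
}

# verify_image IMAGE HASHLOG
# Recompute the image hash and compare it with the last value recorded in
# HASHLOG; this is the check to run before any analysis of the image.
verify_image() {
    img=$1; log=$2
    expected=$(grep '^image:' "$log" | tail -n 1 | sed 's/.*sha1=//')
    actual=$(sha1sum "$img" | cut -d' ' -f1)
    [ "$expected" = "$actual" ]
}

# demo: run both steps on a constructed file instead of a real device.
demo() {
    d=$(mktemp -d)
    printf 'constructed evidence bytes\n' > "$d/victim.bin"
    acquire_image "$d/victim.bin" "$d/caseNr.dd" "$d/caseNr.hash" &&
        verify_image "$d/caseNr.dd" "$d/caseNr.hash" &&
        cat "$d/caseNr.hash"
}

demo
```

On a real case the source is a write-blocked device and the hash log is stored with the case notes, so a later verify_image failure shows that the image, not the original, has changed.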