2. Hello & Welcome
Tony Godfrey is the CEO / Linux Consultant of
Falconer Technologies (est 2003) specializing in Linux.
He has written several articles on the body of knowledge
of security administration, is a regular contributor to a
variety of Linux publications, and has written technical
content for Linux education nation-wide at the college
level.
He also teaches topics covering Linux, Network
Security, Cisco routers, Cybercrime and System
Forensics.
8. There is a difference
Sumuri is basing their Open Source on Ubuntu, so
apt-get/etc works really well if you need something
additional.
Edge – 32-bit only, a basic working Ubuntu distro whose
main purpose is disk imaging.
Paladin – 64-bit, a fully functioning Ubuntu distro with
84 built-in forensics tools.
14. What’s in the box, Pandora?
Development Tools
ActivePython, Eric Python IDE
Encryption Tools
FileVaultInfo, FileVaultMount, VeraCrypt
File Differential Tools
KDiff3, VBinDiff
15. What’s in the box, Pandora?
Forensic Suite
Autopsy3, DFF
DFF (Digital Forensics Framework) is a free and Open
Source computer forensics software built on top of a
dedicated Application Programming Interface (API).
dff -h
dff-gui
17. What’s in the box, Pandora?
Internet Analysis
Pasco
An Internet Explorer activity forensic analysis tool.
./pasco index.dat > index.txt
Log Analysis
WindowsEventLogExport, WindowsEventLogInfo
WindowsXMLEventLogExport, WindowsXMLEventLogInfo
18. What’s in the box, Pandora?
Mail Analysis
EML Viewer, Readdbx, Readoe, ReadPST
Malware Analysis
YARA
YARA is a tool aimed at (but not limited to) helping
malware researchers to identify and classify malware
samples. With YARA you can create descriptions of
malware families (or whatever you want to describe)
based on textual or binary patterns.
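An added example of the kind of description the slide refers to (not a rule shipped with Paladin or taken from the YARA project): one rule that combines textual patterns, a hex byte pattern with wildcards, a regular expression and file-header checks. The family name, strings and byte sequence are constructed for illustration.

```yara
// Constructed example rule for a hypothetical "DemoDropper" family.
// Not from the Paladin distro or the YARA project.
rule DemoDropper_Family
{
    meta:
        description = "Illustrates textual and binary patterns in one rule"
        author      = "added example"
        reference   = "placeholder: link to the family write-up"

    strings:
        // Textual patterns: plain ASCII, and ASCII or UTF-16 ignoring case
        $txt_marker  = "DEMO_DROPPER_BUILD" ascii
        $txt_shell   = "cmd.exe /c" ascii wide nocase

        // Binary pattern: constructed byte sequence, ?? matches any byte
        $bin_stub    = { DE AD ?? ?? BE EF 00 01 }

        // Regular expression: constructed check-in URL shape
        $re_url      = /https?:\/\/[a-z0-9.-]+\/gate[0-9]?\.php/ nocase

    condition:
        // PE header "MZ" at offset 0, keep scans cheap on large files
        uint16(0) == 0x5A4D and
        filesize < 4MB and
        // Require the binary stub, or both text markers, plus the URL shape
        ($bin_stub or all of ($txt_*)) and
        $re_url
}
```

Scan a directory with `yara -r rules.yar /path/to/evidence` and add `-s` to print the matched strings and their offsets.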
19. What’s in the box, Pandora?
Memory Analysis
Inception
Inception is a physical memory manipulation and
hacking tool exploiting PCI-based DMA. The tool can
attack over FireWire, Thunderbolt, ExpressCard, PC
Card and any other PCI/PCIe interfaces.
20. What’s in the box, Pandora?
Memory Analysis
Rekall Console
http://www.rekall-forensic.com/
Rekall is the most complete Memory Analysis
framework. Rekall provides an end-to-end solution to
incident responders and forensic analysts.
Rekall Web Console
21. What’s in the box, Pandora?
Messenger Forensics
Skype Extractor - offers a direct way to view
conversations by listed contacts with timestamps and
chat details
Metadata Analysis
ExifTool (pictures), try exiftool -h
exiftool <x>.jpg
LinkEditor - Rifiuti
22. What’s in the box, Pandora?
Mobile Device Analysis
iDeviceBackup, iDeviceBackup2, iDeviceDate,
iDevice_ID, iDeviceInfo, iDeviceName
Ipddump, iPhone Analyzer
Network Analysis
Wireshark
23. What’s in the box, Pandora?
Password Discovery
JTR Password Cracker, Ophcrack
Plist Analysis
Plist Analysis
Reporting Tools
RecordMyDesktop
24. What’s in the box, Pandora?
Social Media Analysis
Creepy
Allows users to gather already published and made
publicly available geolocation information from a number
of social networking platforms and image hosting
services
25. What’s in the box, Pandora?
Steganography Tools
Outguess
Timeline Analysis
log2timeline
Virtual Machines
QtEmu, VirtualBox
Windows Registry
Fred, RegRipper