2006-05-17: Network Security, Intrusion Detection, Data Forensics
Meeting Announcement and Agenda
May Meeting Redux
33 people attended the May meeting.
The meeting started with projector drama. We managed to unplug the projector during the pre-meeting setup before it had a chance to properly cool the bulb. Upon turning the projector back on, the light would not come on. So, I raced back to my office at UF to see if I could find the spare bulb. What I found out is that we don't have a spare bulb. A new bulb for this projector is about $400. So, it doesn't surprise me that I decided years ago to wait until the bulb failed before spending that much money for a new one. Fortuitously, David McDonald took the bulb out, reseated it into its socket, and revived the projector. Since the meeting was about security and data integrity, the projector drama created a good opening discussion about the problems created by single points of failure.
The next security lesson was the age-old adage, "if someone gains physical access to the device, all bets are off." This lesson was delivered by Ramzi. He showed us how to build a door buster for $20.
Download the video used for the presentation here (20 MB).
After that, the main event was delivered by Jordan Wiens and John Sawyer.
Drive Imaging
- dd (Windows and *nix)
- ddrescue - http://www.gnu.org/software/ddrescue/ddrescue.html
- dcfldd - http://dcfldd.sourceforge.net/
- dciiidd - not publicly available (DoD developed)
- sdd - http://directory.fsf.org/all/sdd.html
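The imaging tools above differ mostly in two things: what happens on a read error (plain dd stops, dd conv=noerror,sync zero-fills the block and carries on, ddrescue retries and keeps a map of the bad areas) and whether the copy is hashed while it is written (dcfldd hash=md5,sha1 does this, dd does not). The Python below is an added example of both behaviours, not code from the presentation or from any of the listed projects. It images a constructed in-memory "device" whose sector 2 always returns EIO; make_flaky_reader, image_device, verify_image and the 512-byte sector size are assumptions of the example.

```python
"""Added example: block-wise imaging with on-the-fly hashing and bad-sector handling."""
import hashlib
import io

SECTOR = 512  # assumed block size; dd's default ibs/obs is also 512 bytes


def make_flaky_reader(data, bad_sectors):
    """Constructed stand-in for a failing disk.

    Returns read_at(offset, n) over the bytes in `data`; any read that starts
    in one of `bad_sectors` raises EIO, which is what a dying drive does.
    """
    bad = set(bad_sectors)

    def read_at(offset, n):
        if offset // SECTOR in bad:
            raise OSError(5, "Input/output error")
        return data[offset:offset + n]

    return read_at


def image_device(read_at, size, out, bs=SECTOR):
    """Copy `size` bytes from read_at() into `out`, one block at a time.

    A block that fails to read is written as zeros (dd conv=noerror,sync) and
    its offset is recorded (ddrescue keeps the same information in its map
    file).  MD5 and SHA-1 are updated with every block written, so the digests
    describe the image file exactly (dcfldd hash=md5,sha1).
    Returns (bad_offsets, md5_hex, sha1_hex).
    """
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    bad_offsets = []
    offset = 0
    while offset < size:
        n = min(bs, size - offset)
        try:
            block = read_at(offset, n)
        except OSError:
            block = b"\x00" * n
            bad_offsets.append(offset)
        out.write(block)
        md5.update(block)
        sha1.update(block)
        offset += n
    return bad_offsets, md5.hexdigest(), sha1.hexdigest()


def verify_image(image_bytes, md5_hex):
    """Re-hash the finished image and compare with the digest taken while copying.

    This catches a write error or a tampered image file.  It cannot prove the
    image matches the original media when bad sectors were zero-filled, which
    is why the bad-offset list has to be kept next to the hash.
    """
    return hashlib.md5(image_bytes).hexdigest() == md5_hex


def demo():
    """Image a constructed 4-sector device whose sector 2 is unreadable."""
    device = bytes(range(256)) * 8          # 2048 bytes = 4 sectors of sample data
    read_at = make_flaky_reader(device, bad_sectors={2})
    image = io.BytesIO()
    bad, md5_hex, sha1_hex = image_device(read_at, len(device), image)
    return {
        "bad_offsets": bad,
        "md5": md5_hex,
        "sha1": sha1_hex,
        "image": image.getvalue(),
        "verified": verify_image(image.getvalue(), md5_hex),
    }


if __name__ == "__main__":
    r = demo()
    print("bad sectors at byte offsets:", r["bad_offsets"])
    print("md5 ", r["md5"])
    print("sha1", r["sha1"])
    print("image re-hash matches:", r["verified"])
```

The point a practitioner should take from the zero-fill path is that a hash of the image is a hash of what was written, not of the drive; without the bad-block list (or ddrescue's map file) nobody can later tell an unreadable sector from a sector that really was all zeros.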
Data Integrity & File Hash Signatures
- md5deep - http://md5deep.sourceforge.net/
- hashdig - http://ftimes.sourceforge.net/FTimes/HashDig.shtml
- NSRL - http://www.nsrl.nist.gov/Downloads.htm
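md5deep's -m/-x options and the NSRL reference data set are used together: hash everything on the evidence, then either drop the files whose hashes are in a known-good set so the analyst only looks at what is left (-x, negative match), or flag the ones that hit a known-bad set (-m, positive match). The Python below is an added example of that filtering, not code from md5deep, hashdig or NIST. The hash list it parses is md5deep's own "<hash>  <path>" output (the NSRL RDS CSV has more columns but is used the same way), and the two-file evidence tree and the known set in demo() are constructed for the example.

```python
"""Added example: known-file hash-set filtering in the style of md5deep -m / -x."""
import hashlib
import os
import tempfile


def hash_file(path, algo="md5", bufsize=1 << 16):
    """Hash a file in fixed-size chunks so large evidence files never sit in RAM."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(bufsize), b""):
            h.update(chunk)
    return h.hexdigest()


def load_known(lines):
    """Parse md5deep-style lines ('<hash>  <path>') into a set of hashes.

    Only the first field matters; the path in the list is ignored because the
    whole point is to recognise a file wherever it has been copied to.
    """
    known = set()
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        known.add(line.split()[0].lower())
    return known


def audit_tree(root, known, algo="md5"):
    """Hash every regular file under root and split into matched / unknown.

    `matched` is what md5deep -m prints (hits on a known-bad set);
    `unknown` is what md5deep -x prints (everything not in a known-good set
    such as the NSRL, which is the list an analyst actually reads).
    """
    matched, unknown = [], []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()                      # deterministic order
        for name in sorted(filenames):
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue                     # skip symlinks, devices, sockets
            digest = hash_file(path, algo)
            rel = os.path.relpath(path, root)
            (matched if digest in known else unknown).append((rel, digest))
    return matched, unknown


def demo():
    """Constructed two-file evidence tree: one known-good binary, one dropped tool."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        os.makedirs(os.path.join(root, "tmp"))
        good = os.path.join(root, "bin", "ls")
        with open(good, "wb") as fh:
            fh.write(b"pretend this is the vendor's /bin/ls\n")
        with open(os.path.join(root, "tmp", ".x"), "wb") as fh:
            fh.write(b"pretend this is an attacker's dropped tool\n")
        # Known-good set as md5deep would have written it on a clean system.
        known = load_known(["%s  /bin/ls" % hash_file(good)])
        return audit_tree(root, known)


if __name__ == "__main__":
    matched, unknown = demo()
    print("known files (md5deep -m):", [p for p, _ in matched])
    print("files to look at (md5deep -x):", [p for p, _ in unknown])
```

Two things to keep in mind when doing this for real: a known-good match only says the bytes are identical, so a vendor binary patched by an attacker drops into the unknown list, which is what you want; and because MD5 collisions were public by 2005, a hash set used to clear files is safer keyed on the SHA-1 column that the NSRL also ships (pass algo="sha1" above).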
Data & Timeline Analysis
- Sleuthkit - http://www.sleuthkit.org/sleuthkit/index.php
- Autopsy - http://www.sleuthkit.org/autopsy/index.php
- Perl Tools - both of the following are for Windows analysis but run on *nix
- Harlan Carvey - http://windowsir.blogspot.com/
- Jake Cunningham - http://jafat.sourceforge.net/files.html
- Ftimes - http://ftimes.sourceforge.net/FTimes/index.shtml
- mac-robber - http://www.sleuthkit.org/mac-robber/desc.php
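The Sleuthkit timeline workflow behind the tools above is two steps: fls -m (on an image) or mac-robber (on a mounted file system) write one "body file" line per file carrying its inode metadata and MAC times, and mactime sorts those lines into one timeline in which each entry shows which of the modified/accessed/changed/birth times it stands for. The Python below is an added example of both steps, not code from The Sleuth Kit. It writes the body format current TSK uses (MD5|name|inode|mode|UID|GID|size|atime|mtime|ctime|crtime; the 2006-era format had more fields), and the one-file tree with back-dated timestamps in demo() is constructed.

```python
"""Added example: body file generation (mac-robber / fls -m) and mactime-style sorting."""
import os
import stat
import tempfile


def body_line(path, root):
    """One TSK body-file line for `path`, with the name relative to `root`.

    Fields: MD5|name|inode|mode_as_string|UID|GID|size|atime|mtime|ctime|crtime.
    MD5 is left as 0 (mac-robber does the same) and crtime is 0 because Linux
    stat() does not expose a creation time.
    """
    st = os.lstat(path)                       # lstat: never follow symlinks
    return "0|%s|%d|%s|%d|%d|%d|%d|%d|%d|0" % (
        os.path.relpath(path, root), st.st_ino, stat.filemode(st.st_mode),
        st.st_uid, st.st_gid, st.st_size,
        int(st.st_atime), int(st.st_mtime), int(st.st_ctime))


def make_body(root):
    """Walk `root` like mac-robber and return the body file as a list of lines."""
    lines = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()
        lines.append(body_line(dirpath, root))
        for name in sorted(filenames):
            lines.append(body_line(os.path.join(dirpath, name), root))
    return lines


def mactime(body_lines):
    """Turn body lines into a sorted timeline of (time, macb, size, name).

    A file appears once per distinct timestamp; the macb column marks which of
    its modified/accessed/changed/birth times that entry is, as in mactime's
    output.  Zero timestamps (the unknown crtime) are dropped.
    """
    events = []
    for line in body_lines:
        f = line.split("|")
        name, size = f[1], int(f[6])
        by_time = {}
        for flag, ts in zip("amcb", (int(x) for x in f[7:11])):
            if ts:
                by_time.setdefault(ts, set()).add(flag)
        for ts, flags in by_time.items():
            macb = "".join(c if c in flags else "." for c in "macb")
            events.append((ts, macb, size, name))
    events.sort()
    return events


def demo():
    """Constructed tree: one file whose atime/mtime are back-dated with utime."""
    with tempfile.TemporaryDirectory() as root:
        path = os.path.join(root, "evidence.txt")
        with open(path, "wb") as fh:
            fh.write(b"constructed sample\n")
        os.utime(path, (2000, 1000))          # atime=2000, mtime=1000 (epoch secs)
        timeline = mactime(make_body(root))
        return [e for e in timeline if e[3] == "evidence.txt"]


if __name__ == "__main__":
    for ts, macb, size, name in demo():
        print("%10d %s %6d %s" % (ts, macb, size, name))
```

The demo also shows the limit of the technique: utime() lets anyone set atime and mtime to whatever they like (the Metasploit anti-forensics project listed further down does exactly that on NTFS), but ctime is set by the kernel to the moment of the change, so the "..c." entry landing long after the "m..." and ".a.." entries is itself a clue. Run the real tools against an image or a read-only, noatime mount; walking a live file system read-write updates the very access times you are trying to record.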
Data Carving
- Foremost - http://foremost.sourceforge.net/
- Scalpel - http://www.digitalforensicssolutions.com/Scalpel/
- DFRWS 2006 Challenge (data carving) - http://www.dfrws.org/2006/challenge/index.html
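foremost and scalpel carve files out of unallocated space, or a whole image, with no help from the file system: each file type is a header byte sequence, an optional footer and a maximum size; the data is scanned for headers and every hit is written out up to its footer or the size cap. The Python below is an added example of that header/footer algorithm, not foremost's or scalpel's code. SIGNATURES holds three common types in a scalpel.conf-like shape (the values are assumptions, not either tool's shipped configuration), the blob it scans is constructed in build_sample_blob, and the third object is deliberately truncated to show what happens when a footer is never found.

```python
"""Added example: header/footer file carving in the style of foremost and scalpel."""
import os

# (header, footer, max_size) per type; footer None means "carve max_size bytes".
# The values are the usual ones and are assumptions of this example, not a
# copy of either tool's configuration file.
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9", 2_000_000),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82", 2_000_000),
    "pdf": (b"%PDF-", b"%%EOF", 5_000_000),
}


def carve(blob, signatures=SIGNATURES):
    """Return (type, start, end, footer_found) for every header hit in blob.

    Scanning resumes just past each header, not past the carved object, so a
    JPEG embedded in a JPEG (an EXIF thumbnail) is carved on its own, as
    scalpel does.  With no footer inside max_size the object is cut at the
    size cap (or at end of data), as foremost does for a truncated file.
    """
    found = []
    for ftype, (header, footer, max_size) in signatures.items():
        pos = 0
        while True:
            start = blob.find(header, pos)
            if start < 0:
                break
            window = blob[start:start + max_size]
            end, footer_found = start + len(window), False
            if footer is not None:
                hit = window.find(footer, len(header))
                if hit >= 0:
                    end, footer_found = start + hit + len(footer), True
            found.append((ftype, start, end, footer_found))
            pos = start + len(header)
    found.sort(key=lambda t: (t[1], t[0]))
    return found


def write_carved(blob, found, outdir):
    """Write each hit as <byte offset>.<type> into outdir; return the names."""
    os.makedirs(outdir, exist_ok=True)
    names = []
    for ftype, start, end, _ in found:
        name = "%08d.%s" % (start, ftype)
        with open(os.path.join(outdir, name), "wb") as fh:
            fh.write(blob[start:end])
        names.append(name)
    return names


def build_sample_blob():
    """Constructed 'unallocated space': zeros, a JPEG, a PNG, a truncated JPEG."""
    jpg = b"\xff\xd8\xff\xe0" + b"J" * 100 + b"\xff\xd9"            # 106 bytes
    png = b"\x89PNG\r\n\x1a\n" + b"P" * 50 + b"IEND\xaeB`\x82"       # 66 bytes
    truncated = b"\xff\xd8\xff\xe1" + b"T" * 30                       # no footer
    return b"\x00" * 512 + jpg + b"\x00" * 64 + png + b"\x00" * 128 + truncated


if __name__ == "__main__":
    blob = build_sample_blob()
    for ftype, start, end, ok in carve(blob):
        note = "" if ok else "(no footer, cut at end of data)"
        print("%s at %d-%d %s" % (ftype, start, end, note))
```

What this cannot do is reassemble a file whose blocks are not contiguous: a fragmented JPEG yields a carve that stops at whatever bytes happen to follow its first fragment, and a JPEG with an embedded thumbnail is truncated at the thumbnail's own FF D9 footer. Those cases are the ones the DFRWS 2006 challenge linked above was built around, and they are why carving results always need to be opened and checked rather than counted.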
Memory Analysis
- DFRWS 2005 Challenge (memory) - http://www.dfrws.org/2005/challenge/index.html
Linux Bootable CD for Forensics and Incident Response
- Helix - http://www.e-fense.com/helix/
Antiforensics
- Metasploit Anti-forensics- http://www.metasploit.com/projects/antiforensics/
Online Resources (forums, mailing lists & challenges)
- Forensic Focus - Forums & Articles - http://www.forensicfocus.com/
- ForensicsWiki.org - http://www.forensicswiki.org/wiki/Main_Page
- Honeynet Project Challenges - http://www.honeynet.org/misc/chall.html
- CFTT - http://www.cftt.nist.gov/
- Open Source Forensic Tools - http://www.opensourceforensics.org/tools/index.html