Barry Grundy let me know about the release of a new version of his text “Law Enforcement and Forensic Examiner’s Introduction to Linux”; below I report the changes made since the first version:
Version 3.65
-Switched to 2.6 kernel install in intro (Slackware 12.1).
-Added brief section on device detection (by request).
-updated details for recent versions of Linux tools.
-updated Sleuthkit and libewf section to account for changes in install for TSK > 2.50 (autotools build design).
-moved libewf before TSK to account for lib install.
-added section on alternative imaging tools (dc3dd, ddrescue)
-added dls exercises by request (TSK).
-added brief exercise on sigfind (TSK).
Version 3.20
-added compression on the fly exercise (for dd).
-added dd over the wire (network acquisition).
-added more detailed Sleuthkit section (commands)
-added TSK NTFS exercises (ADS, deleted files, sorter)
-added deleted file allocation determination and recovery exercise (TSK/EXT2)
-removed support for Autopsy (I just don’t use it anymore-I’ll add it back if enough people request it).
-added libewf section.
-removed reference to NASA loopback (unsupported)
-added SMART filtering section using NTFS (classroom exercise)
-added SMART search section using EXT (classroom exercise).
-added section on configuring Slackware if a 2.6 kernel version is used (12.x).
Version 2.55
-added a changelog
-Document is now Slackware centric
-updated to Sleuthkit 2.0x (full disk images and split support)
-updated to Autopsy 2.0x (for use with new TSK)
-formatting changes for readability
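The dd exercises the changelog lists (compression on the fly, dd over the wire, the alternative imaging tools) are named only by title above. The script below is an added example written for this post, not code from Barry Grundy's guide: it images a constructed 16 KiB file standing in for a block device with dd, hashes the raw stream through a FIFO while gzip compresses it, and then verifies the stored image against the recorded hash. The file names, the sample size and the helper function names are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from Barry Grundy's guide): dd acquisition with on-the-fly
# hashing and compression, followed by verification of the compressed image.
# The "device" is a constructed 16 KiB file standing in for /dev/sdX.
set -e

# Create the constructed evidence file: a fake NTFS boot-sector signature
# followed by repeating filler, cut to exactly 32 x 512-byte sectors so that
# conv=sync never has to zero-pad a short final block.
make_sample_device() {
    { printf 'NTFS    '; yes 'constructed evidence sector bytes'; } | head -c 16384 > "$1"
}

# Image $1 into $2.gz and record the SHA-256 of the raw stream in $2.sha256.
# The hash is computed from the same bytes that feed gzip, via a FIFO, so the
# source is read only once. bs=512 conv=noerror,sync is the classic forensic
# dd invocation: continue past read errors and zero-fill the unreadable blocks.
acquire_image() {
    src="$1"; out="$2"; fifo="$out.fifo"
    mkfifo "$fifo"
    sha256sum < "$fifo" | awk '{print $1}' > "$out.sha256" &
    dd if="$src" bs=512 conv=noerror,sync 2>/dev/null \
        | tee "$fifo" | gzip -c > "$out.gz"
    wait                      # let the background hasher finish writing
    rm -f "$fifo"
}

# Decompress the stored image and compare its hash with the value recorded at
# acquisition time. Returns 0 on a match, 1 otherwise.
verify_image() {
    out="$1"
    recorded=$(cat "$out.sha256")
    actual=$(gzip -dc "$out.gz" | sha256sum | awk '{print $1}')
    [ "$recorded" = "$actual" ]
}

# End-to-end run in a temporary directory. Returns 0 when the decompressed
# image matches the recorded hash, that hash equals a direct hash of the
# source (valid here because no read errors occurred), and the image is
# exactly the source's 16384 bytes.
acquire_and_verify() {
    work=$(mktemp -d)
    make_sample_device "$work/evidence.raw"
    acquire_image "$work/evidence.raw" "$work/evidence"
    verify_image "$work/evidence" || { rm -rf "$work"; return 1; }
    src_hash=$(sha256sum < "$work/evidence.raw" | awk '{print $1}')
    img_hash=$(cat "$work/evidence.sha256")
    img_size=$(gzip -dc "$work/evidence.gz" | wc -c)
    rm -rf "$work"
    [ "$src_hash" = "$img_hash" ] && [ "$img_size" -eq 16384 ]
}

acquire_and_verify && echo "acquired image verified against on-the-fly hash"
```

For the over-the-wire variant the changelog mentions, the `gzip -c > file` stage becomes a pipe into a network listener (for example `nc`), and the receiving side computes the same hash on what it stores. Two caveats worth keeping in mind: `conv=noerror,sync` zero-fills unreadable blocks, so on a damaged drive the hash of the acquired stream will legitimately differ from a hash of the source device, which is why the stream hash is what gets recorded; and `sync` also pads a final short block out to `bs`, so the sample here is made an exact multiple of 512 bytes.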
It is also worth taking a look at the ToDo page, both to appreciate Barry's effort and to keep an eye on the release of future versions:
– Scripting Section (already written, just need time to edit)
– File carving section (also already written)
  - Photorec
  - scalpel
  - SMART
– hash analysis
– Virus scanning
– aimage (aff)
– Simple indexing
– Removal of references to floppy disks (analysis and mount examples)
  - Replace with USB thumb images for all exercises.
– Due in version 4:
  - Consolidation of all exercises in a ‘bring it all together’ disk image exercise.