Sunday, February 22, 2009

Free Forensic Tool Links.

I had thought that making a site with many up-to-date links to free, open-source tools would prove a popular spot for people wanting to start out in computer forensics.

Very few people seem to visit the site at all. Why, I wonder? Is it hard to read? Is my taste in colour a bit random? Please feel free to douse the site by letting me know!

When I was starting out learning, I found it really hard to find good links to open-source tools to play about with. I have used the majority of the tools on the site below and, hopefully, given more time, I can write about each of them.

I think I may even rewrite the links site, giving more information about each item on it. Perhaps that will help.

For now, here is a little bump for the site!

http://forensic-links.blogspot.com/

Would appreciate people stopping by and letting me know how I can improve it.

Tuesday, February 10, 2009

My next book - EnCase Computer Forensics: The Official EnCE - EnCase Certified Examiner Study Guide (Paperback)

I have just recently purchased EnCase Computer Forensics: The Official EnCE - EnCase Certified Examiner Study Guide (Paperback) and hope to do a review soon. I am looking forward to the included CD with software and working examples to play around with.

Stay tuned!

Monday, February 9, 2009

Computer Forensic Certifications

I just thought I would share some of the certifications I have been researching for the future.

GCFA - GIAC Certified Forensics Analyst

CHFI - Certified Hacking Forensic Investigator

CISSP - Certified Information Systems Security Professional

CCE - Certified Computer Examiner

CCFT - Certified Computer Forensic Technician

EnCE - EnCase Certified Examiner

ACE - AccessData Certified Examiner

CPE - Certified ProDiscover Examiner

I have more or less decided I would go for the EnCE or ACE certification, based solely on the fact that the majority of jobs I have seen advertised require good knowledge of either or both of these products. I have yet to see any job asking for anything else specific, but I do understand that some of these certifications could give useful knowledge.

I would really appreciate hearing from anyone who has done either of these courses, or indeed other courses, and could share their views and opinions.

Thursday, February 5, 2009

Getting The Sleuth Kit and Autopsy Browser running on Ubuntu 8.04 Desktop with VMware Tools on Windows XP

To begin, a few links you'll need:

VMware Player - lets you create a virtual machine; think Linux inside a window.
Ubuntu 8.04 Desktop - loads into VMware Player so you have it running in Windows.
The Sleuth Kit (TSK) - the website is the best source for information here.
Autopsy Forensic Browser - makes TSK easier to use by adding a graphical interface.

Once you have all of these downloaded, you can begin by installing VMware Player.

Next, go to where you placed Ubuntu and look for a file called Ubuntu; you should be able to double-click this to load Ubuntu in VMware Player. You can find the basic information and the username/password in the info.txt found inside the same folder.

Once you are at the Ubuntu desktop you'll need to get the TSK and Autopsy files onto it. I myself just used Firefox, which is already on Ubuntu, and downloaded the files above. The versions I used are sleuthkit-3.0.1.tar.gz and autopsy-2.21.tar.gz.

On your desktop, where the files will appear by default, extract them using the default program offered.

Next, load up Terminal, which can be found at the top left under Applications/Accessories.

The first thing to do here is install build-essential, because without it you won't be able to compile properly. The error I was getting before installing this was:

configure: error: C++ preprocessor "/lib/cpp" fails sanity check

Type the following:

sudo aptitude update

When prompted for your password, enter it.

sudo aptitude install build-essential

This should now have installed all the elements of build-essential.

-----
NOTE: Some permission issues/errors that can occur can be fixed by running the same commands as root. You can become root by typing sudo -i in the terminal. To exit root after you have run the command, type exit.

Make sure you don't stay as root, as it can cause more problems and damage.

-----

Next we'll install TSK. Type the following:

cd /home/user/Desktop/sleuthkit-3.0.0

(Obviously, if you placed it somewhere else, simply adjust the above to match.)

Next, type:

./configure

This should run without errors now that build-essential is installed, as we did above.

Type make

Don't be put off by all the text that appears; just wait until it's finished.

Next, type make install

You may need to add sudo before this, i.e. sudo make install

This should have completed the TSK install.

Moving on now to the Autopsy install. (I am assuming you have already extracted the file into a directory.)

Type cd /home/user/Desktop/autopsy-2.20

Again, type the commands:

./configure

make

At the first prompt that appears you'll want to say No. For more information see the INSTALL.TXT.

Next you'll be asked to provide a directory for the evidence locker; this folder must be created by you. I placed mine on my desktop by right-clicking the desktop and selecting Create Folder. I named it locker.

So, in the box back at the prompt, you would type:

/home/user/Desktop/locker

Now, when you want to run Autopsy, make sure you're in the right directory by typing this from the terminal:

cd /home/user/Desktop/autopsy-2.20

Then type ./autopsy

Now copy the address it prints, Http://localhost:9999/autopsy, into Firefox.

Welcome to TSK with Autopsy!

In time I hope to create some basic images for practice investigations. So keep tuned to the blog!

Remember to keep the terminal window open, and when you're done with it, simply press Control and C.

A helpful thing to remember is to check the INSTALL.txt for extra information, and a good tip when using the terminal is that you can drag and drop files into the terminal window to quickly get the directory path written for you.
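As an added example (my own script, not part of the original walkthrough and not code from the TSK or Autopsy projects), here are the terminal steps above collected into one POSIX shell script. It assumes the two tarballs were already extracted under your Desktop; the directory defaults, the DRY_RUN switch and the function names are my own choices, not anything from the post. Running it with DRY_RUN=1 first prints every command it would run, so you can see exactly what will be compiled and what will be installed with sudo before anything happens.

```shell
#!/bin/sh
# Added example: automates the TSK + Autopsy build steps from the walkthrough
# on Ubuntu 8.04. Assumptions (not from the post): tarballs already extracted
# under $HOME/Desktop; the paths below can be overridden with environment
# variables; DRY_RUN=1 prints commands instead of executing them.

TSK_DIR="${TSK_DIR:-$HOME/Desktop/sleuthkit-3.0.1}"       # assumed location
AUTOPSY_DIR="${AUTOPSY_DIR:-$HOME/Desktop/autopsy-2.21}"  # assumed location
LOCKER="${LOCKER:-$HOME/Desktop/locker}"                  # evidence locker
DRY_RUN="${DRY_RUN:-0}"

# Run a command, or only print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf 'would run: %s\n' "$*"
        return 0
    fi
    "$@"
}

# Print the name of each tool given that is not on PATH. Empty output means
# the compiler toolchain is present; a missing g++/cpp is what lies behind the
# "/lib/cpp fails sanity check" error from ./configure.
missing_tools() {
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 || printf '%s\n' "$tool"
    done
}

# Install build-essential with aptitude, as in the walkthrough.
install_build_tools() {
    run sudo aptitude update &&
    run sudo aptitude install -y build-essential
}

# ./configure, make and sudo make install inside one source directory.
# The subshell keeps the cd from changing the caller's directory, and sudo is
# only used for the install step, never for the whole session.
build_and_install() {
    dir="$1"
    [ -d "$dir" ] || { printf 'no such directory: %s\n' "$dir" >&2; return 1; }
    (
        cd "$dir" || exit 1
        run ./configure && run make && run sudo make install
    )
}

# Create the evidence locker readable and writable by the owner only, so other
# local accounts on the analysis machine cannot read or alter case data.
make_locker() {
    mkdir -p "$1" && chmod 700 "$1"
}

# Autopsy's own make step asks interactive questions (including the locker
# path), so it is left to be typed by hand exactly as the walkthrough shows.
main() {
    missing=$(missing_tools gcc g++ cpp make perl)
    if [ -n "$missing" ]; then
        printf 'missing tools: %s\n' "$missing"
        install_build_tools || return 1
    fi
    build_and_install "$TSK_DIR" || return 1
    make_locker "$LOCKER" || return 1
    printf 'Locker ready at %s. Now: cd %s && ./configure && make, then ./autopsy\n' \
        "$LOCKER" "$AUTOPSY_DIR"
}

# Usage: sh build_tsk.sh run        (or DRY_RUN=1 sh build_tsk.sh run)
if [ "${1:-}" = "run" ]; then
    main
fi
```

Autopsy then prints the localhost address as the post describes; it is meant to be used from the browser on the same VM, so leave it on localhost rather than pointing other machines at it.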

I hope this guide was of use to someone. I don't claim to be an expert; I just aimed this at helping anyone stuck. If you ran into trouble at any stage of the above, please feel free to leave a comment and I'll do my utmost to see if I can help you get it fixed.

Any comments welcome: the good, the bad and even the ugly.

Wednesday, February 4, 2009

A book of Interest

I recently read Computer Forensics for Dummies; the book is a great start to learning about computer forensics. It cost me just 12 pounds and has given me a good starting knowledge of all aspects of what the job involves, from acquiring data to how to handle court. It has a good glossary of terms for reference and is very up to date, as it was only published towards the end of 2008. I would certainly recommend this book for people starting out in the field of computer forensics: it's basic, covers a lot, and is cheap. Can't ask for much more than that.

That concludes my quick review of Computer Forensics for Dummies.

Welcome to my Follow Computer Forensics Blog

Hi. This site is set up to follow my progress in my future career to become a Computer Forensic Analyst. In time I hope to track my time through university and gathering certifications.

I will be keeping the site up to date with useful links, videos, and my experiences. For example, I had trouble setting up a lab for testing, but in the end I have one running, all with free tools using Windows XP and VMware. That is something I will cover in detail soon.

I aim for the site to help other people in the similar situation of starting out in computer forensics. I found it can be very frustrating getting to grips with new tools whose help files don't cover the issues I encountered.