Tuesday 27 March 2012

Open Source Tools : Data Acquisition Automated Software

Armed with my book on Digital Forensics using Open Source Tools, I have prepared my machine with wiping it with Raptor starting with a fresh linux mint installation I have identified a few tools to start with. These tools are the ones for now that I will be using and abusing...

Like everything we start at acquisitions the how we obtain electronic evidence and how to preserve the integrity thereof. We have a few option in those categories:

    • FTK Imager : Yes, this is a commercial product however for the imager you do not need licensing and I personally like using this programme has the abillities to capture volatile data along with giving you the option in which format you would like to save your image. This programme also hashes the original media and calculates the MD5 checksum along with the SHA-1 and recalculates it afterwards, when the hashes matches you know the integrity of your evidence is proven.
    • Raptor : The most important factor which makes it a worhtwhile product for the rookie examiner is that is is incredibly easy to use as the GUI interface eliminates the pesky use of command line. The product is widely supported by all computers and hardware that can support linux Ubuntu. One of the most contributing factors is that you do not need to disassemble to hardware and allows you to preview the internal hard drives with never having to open the machine. It also allows for you to acquire without the use of hardware writeblockers as it has been modified to write-block all media upon boot thus preventing accidental writes. (Lets face it hardware writeblocker are expensive no matter where you live).
    • Paladin  is a modified Live Linux distribution based on Ubuntu that simplifies the process creating forensic images in a forensically sound manner. PALADIN was designed with the understanding that many of those tasked with creating forensic images are not comfortable with using the command-line but still want to utilize the power of Linux. PALADIN was also designed with the understanding that many agencies or companies have limited budgets PALADIN CD version is always free!It is incredibly easy to use and eliminates the need to remember confusing commands and switches,it will work on any computer or hardware that is supported by Ubuntu Linux,allows a user to safely image and preview internal hard drives without having to disassemble the computer or laptopand it  has been modified to write-protect all attached media upon boot thereby preventing accidental writes or having to use expensive physical write-blockers.
      You can download both these products at:

      www.accessdata.com
      http://forwarddiscovery.com/Raptor
      http://www.sumuri.com/index.php/joomla/weblinks











Posted by at No comments:

The beginning

There once was a girl, who dreamt of a worl where 1 and zero coexist, where her geekness did not warrant her uncool or made her the target for bullying.

Cheezy I know, but I was this young girl, a low class hacker (script kiddie with a keen interest in everything electronic) who was found and brought to the darkside where I might mention they have the coolest toys and muffins. ( I might just add this refers to my view of Digital Forensics)

When I discovered Computer Forensics that little girl felt she came home, I spend most of my days at school trying to fit in and be "normal", which I have learnt is a matter of perspective and the only opinion about my normalisy I am worried about is my other 47 personalities (only a joke).

Like most rookies I have jumped into the depths eager to learn more and be able to do cool parlour tricks like the more experienced guys. This is no longer the goal, the goal is to be totally non dependant of tools.

This is my journey into OPEN SOURCE ...


Posted by at No comments:
Subscribe to: Posts (Atom)